RubyGems - google-apis-networksecurity_v1beta1 - Versions diffs - 0.37.0 → 0.39.0 - Mend

google-apis-networksecurity_v1beta1 0.37.0 → 0.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/lib/google/apis/networksecurity_v1beta1/classes.rb +2195 -710
data/lib/google/apis/networksecurity_v1beta1/gem_version.rb +3 -3
data/lib/google/apis/networksecurity_v1beta1/representations.rb +644 -0
data/lib/google/apis/networksecurity_v1beta1/service.rb +2288 -209
metadata +4 -4

data/lib/google/apis/networksecurity_v1beta1/classes.rb CHANGED Viewed

@@ -194,88 +194,68 @@ module Google
         end
       end
-      # The request message for Operations.CancelOperation.
-      class CancelOperationRequest
-        include Google::Apis::Core::Hashable
-        def initialize(**args)
-           update!(**args)
-        end
-        # Update properties of this object
-        def update!(**args)
-        end
-      end
-      # Specification of a TLS certificate provider instance. Workloads may have one
-      # or more CertificateProvider instances (plugins) and one of them is enabled and
-      # configured by specifying this message. Workloads use the values from this
-      # message to locate and load the CertificateProvider instance configuration.
-      class CertificateProviderInstance
+      # `AuthzPolicy` is a resource that allows to forward traffic to a callout
+      # backend designed to scan the traffic for security purposes.
+      class AuthzPolicy
         include Google::Apis::Core::Hashable
-        # Required. Plugin instance name, used to locate and load CertificateProvider
-        # instance configuration. Set to "google_cloud_private_spiffe" to use
-        # Certificate Authority Service certificate provider instance.
-        # Corresponds to the JSON property `pluginInstance`
+        # Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is `CUSTOM`,
+        # `customProvider` must be specified. When the action is `ALLOW`, only requests
+        # matching the policy will be allowed. When the action is `DENY`, only requests
+        # matching the policy will be denied. When a request arrives, the policies are
+        # evaluated in the following order: 1. If there is a `CUSTOM` policy that
+        # matches the request, the `CUSTOM` policy is evaluated using the custom
+        # authorization providers and the request is denied if the provider rejects the
+        # request. 2. If there are any `DENY` policies that match the request, the
+        # request is denied. 3. If there are no `ALLOW` policies for the resource or if
+        # any of the `ALLOW` policies match the request, the request is allowed. 4. Else
+        # the request is denied by default if none of the configured AuthzPolicies with `
+        # ALLOW` action match the request.
+        # Corresponds to the JSON property `action`
         # @return [String]
-        attr_accessor :plugin_instance
-        def initialize(**args)
-           update!(**args)
-        end
-        # Update properties of this object
-        def update!(**args)
-          @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
-        end
-      end
-      # ClientTlsPolicy is a resource that specifies how a client should authenticate
-      # connections to backends of a service. This resource itself does not affect
-      # configuration unless it is attached to a backend service resource.
-      class ClientTlsPolicy
-        include Google::Apis::Core::Hashable
-        # Specification of certificate provider. Defines the mechanism to obtain the
-        # certificate and private key for peer to peer authentication.
-        # Corresponds to the JSON property `clientCertificate`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
-        attr_accessor :client_certificate
+        attr_accessor :action
         # Output only. The timestamp when the resource was created.
         # Corresponds to the JSON property `createTime`
         # @return [String]
         attr_accessor :create_time
-        # Optional. Free-text description of the resource.
+        # Allows delegating authorization decisions to Cloud IAP or to Service
+        # Extensions.
+        # Corresponds to the JSON property `customProvider`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProvider]
+        attr_accessor :custom_provider
+        # Optional. A human-readable description of the resource.
         # Corresponds to the JSON property `description`
         # @return [String]
         attr_accessor :description
-        # Optional. Set of label tags associated with the resource.
+        # Optional. A list of authorization HTTP rules to match against the incoming
+        # request. A policy match occurs when at least one HTTP rule matches the request
+        # or when no HTTP rules are specified in the policy. At least one HTTP Rule is
+        # required for Allow or Deny Action. Limited to 5 rules.
+        # Corresponds to the JSON property `httpRules`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRule>]
+        attr_accessor :http_rules
+        # Optional. Set of labels associated with the `AuthzPolicy` resource. The format
+        # must comply with [the following requirements](/compute/docs/labeling-resources#
+        # requirements).
         # Corresponds to the JSON property `labels`
         # @return [Hash<String,String>]
         attr_accessor :labels
-        # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
-        # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
+        # Required. Identifier. Name of the `AuthzPolicy` resource in the following
+        # format: `projects/`project`/locations/`location`/authzPolicies/`authz_policy``.
         # Corresponds to the JSON property `name`
         # @return [String]
         attr_accessor :name
-        # Optional. Defines the mechanism to obtain the Certificate Authority
-        # certificate to validate the server certificate. If empty, client does not
-        # validate the server certificate.
-        # Corresponds to the JSON property `serverValidationCa`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
-        attr_accessor :server_validation_ca
-        # Optional. Server Name Indication string to present to the server during TLS
-        # handshake. E.g: "secure.example.com".
-        # Corresponds to the JSON property `sni`
-        # @return [String]
-        attr_accessor :sni
+        # Specifies the set of targets to which this policy should be applied to.
+        # Corresponds to the JSON property `target`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyTarget]
+        attr_accessor :target
         # Output only. The timestamp when the resource was updated.
         # Corresponds to the JSON property `updateTime`
@@ -288,39 +268,38 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
+          @action = args[:action] if args.key?(:action)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_provider = args[:custom_provider] if args.key?(:custom_provider)
           @description = args[:description] if args.key?(:description)
+          @http_rules = args[:http_rules] if args.key?(:http_rules)
           @labels = args[:labels] if args.key?(:labels)
           @name = args[:name] if args.key?(:name)
-          @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
-          @sni = args[:sni] if args.key?(:sni)
+          @target = args[:target] if args.key?(:target)
           @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request used by the CloneAddressGroupItems method.
-      class CloneAddressGroupItemsRequest
+      # Conditions to match against the incoming request.
+      class AuthzPolicyAuthzRule
         include Google::Apis::Core::Hashable
-        # Optional. An optional request ID to identify requests. Specify a unique
-        # request ID so that if you must retry your request, the server will know to
-        # ignore the request if it has already been completed. The server will guarantee
-        # that for at least 60 minutes since the first request. For example, consider a
-        # situation where you make an initial request and the request times out. If you
-        # make the request again with the same request ID, the server can check if
-        # original operation with the same request ID was received, and if so, will
-        # ignore the second request. This prevents clients from accidentally creating
-        # duplicate commitments. The request ID must be a valid UUID with the exception
-        # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
-        # Corresponds to the JSON property `requestId`
-        # @return [String]
-        attr_accessor :request_id
+        # Describes properties of one or more sources of a request.
+        # Corresponds to the JSON property `from`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFrom]
+        attr_accessor :from
-        # Required. Source address group to clone items from.
-        # Corresponds to the JSON property `sourceAddressGroup`
+        # Describes properties of one or more targets of a request.
+        # Corresponds to the JSON property `to`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleTo]
+        attr_accessor :to
+        # Optional. CEL expression that describes the conditions to be satisfied for the
+        # action. The result of the CEL expression is ANDed with the from and to. Refer
+        # to the CEL language reference for a list of available attributes.
+        # Corresponds to the JSON property `when`
         # @return [String]
-        attr_accessor :source_address_group
+        attr_accessor :when
         def initialize(**args)
            update!(**args)
@@ -328,38 +307,32 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @request_id = args[:request_id] if args.key?(:request_id)
-          @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
+          @from = args[:from] if args.key?(:from)
+          @to = args[:to] if args.key?(:to)
+          @when = args[:when] if args.key?(:when)
         end
       end
-      # Specification of traffic destination attributes.
-      class Destination
+      # Describes properties of one or more sources of a request.
+      class AuthzPolicyAuthzRuleFrom
         include Google::Apis::Core::Hashable
-        # Required. List of host names to match. Matched against the ":authority" header
-        # in http requests. At least one host should match. Each host can be an exact
-        # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
-        # myorg.com") or a presence (any) match "*".
-        # Corresponds to the JSON property `hosts`
-        # @return [Array<String>]
-        attr_accessor :hosts
-        # Specification of HTTP header match attributes.
-        # Corresponds to the JSON property `httpHeaderMatch`
-        # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
-        attr_accessor :http_header_match
-        # Optional. A list of HTTP methods to match. At least one method should match.
-        # Should not be set for gRPC services.
-        # Corresponds to the JSON property `methods`
-        # @return [Array<String>]
-        attr_accessor :methods_prop
-        # Required. List of destination ports to match. At least one port should match.
-        # Corresponds to the JSON property `ports`
-        # @return [Array<Fixnum>]
-        attr_accessor :ports
+        # Optional. Describes the negated properties of request sources. Matches
+        # requests from sources that do not match the criteria specified in this field.
+        # At least one of sources or notSources must be specified.
+        # Corresponds to the JSON property `notSources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
+        attr_accessor :not_sources
+        # Optional. Describes the properties of a request's sources. At least one of
+        # sources or notSources must be specified. Limited to 1 source. A match occurs
+        # when ANY source (in sources or notSources) matches the request. Within a
+        # single source, the match follows AND semantics across fields and OR semantics
+        # within a single field, i.e. a match occurs when ANY principal matches AND ANY
+        # ipBlocks match.
+        # Corresponds to the JSON property `sources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleFromRequestSource>]
+        attr_accessor :sources
         def initialize(**args)
            update!(**args)
@@ -367,69 +340,83 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @hosts = args[:hosts] if args.key?(:hosts)
-          @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
-          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
-          @ports = args[:ports] if args.key?(:ports)
+          @not_sources = args[:not_sources] if args.key?(:not_sources)
+          @sources = args[:sources] if args.key?(:sources)
         end
       end
-      # A generic empty message that you can re-use to avoid defining duplicated empty
-      # messages in your APIs. A typical example is to use it as the request or the
-      # response type of an API method. For instance: service Foo ` rpc Bar(google.
-      # protobuf.Empty) returns (google.protobuf.Empty); `
-      class Empty
+      # Describes the properties of a single source.
+      class AuthzPolicyAuthzRuleFromRequestSource
         include Google::Apis::Core::Hashable
+        # Optional. A list of identities derived from the client's certificate. This
+        # field will not match on a request unless mutual TLS is enabled for the
+        # Forwarding rule or Gateway. Each identity is a string whose value is matched
+        # against the URI SAN, or DNS SAN or the subject field in the client's
+        # certificate. The match can be exact, prefix, suffix or a substring match. One
+        # of exact, prefix, suffix or contains must be specified. Limited to 5
+        # principals.
+        # Corresponds to the JSON property `principals`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :principals
+        # Optional. A list of resources to match against the resource of the source VM
+        # of a request. Limited to 5 resources.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResource>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
+          @principals = args[:principals] if args.key?(:principals)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Represents a textual expression in the Common Expression Language (CEL) syntax.
-      # CEL is a C-like expression language. The syntax and semantics of CEL are
-      # documented at https://github.com/google/cel-spec. Example (Comparison): title:
-      # "Summary size limit" description: "Determines if a summary is less than 100
-      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
-      # Requestor is owner" description: "Determines if requestor is the document
-      # owner" expression: "document.owner == request.auth.claims.email" Example (
-      # Logic): title: "Public documents" description: "Determine whether the document
-      # should be publicly visible" expression: "document.type != 'private' &&
-      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
-      # string" description: "Create a notification string with a timestamp."
-      # expression: "'New message received at ' + string(document.create_time)" The
-      # exact variables and functions that may be referenced within an expression are
-      # determined by the service that evaluates it. See the service documentation for
-      # additional information.
-      class Expr
+      # Determines how a HTTP header should be matched.
+      class AuthzPolicyAuthzRuleHeaderMatch
         include Google::Apis::Core::Hashable
-        # Optional. Description of the expression. This is a longer text which describes
-        # the expression, e.g. when hovered over it in a UI.
-        # Corresponds to the JSON property `description`
+        # Optional. Specifies the name of the header in the request.
+        # Corresponds to the JSON property `name`
         # @return [String]
-        attr_accessor :description
+        attr_accessor :name
-        # Textual representation of an expression in Common Expression Language syntax.
-        # Corresponds to the JSON property `expression`
-        # @return [String]
-        attr_accessor :expression
+        # Determines how a string value should be matched.
+        # Corresponds to the JSON property `value`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
+        attr_accessor :value
-        # Optional. String indicating the location of the expression for error reporting,
-        # e.g. a file name and a position in the file.
-        # Corresponds to the JSON property `location`
-        # @return [String]
-        attr_accessor :location
+        def initialize(**args)
+           update!(**args)
+        end
-        # Optional. Title for the expression, i.e. a short string describing its purpose.
-        # This can be used e.g. in UIs which allow to enter the expression.
-        # Corresponds to the JSON property `title`
-        # @return [String]
-        attr_accessor :title
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @value = args[:value] if args.key?(:value)
+        end
+      end
+      # Describes the properties of a client VM resource accessing the internal
+      # application load balancers.
+      class AuthzPolicyAuthzRuleRequestResource
+        include Google::Apis::Core::Hashable
+        # Determines how a string value should be matched.
+        # Corresponds to the JSON property `iamServiceAccount`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch]
+        attr_accessor :iam_service_account
+        # Describes a set of resource tag value permanent IDs to match against the
+        # resource manager tags value associated with the source VM of a request.
+        # Corresponds to the JSON property `tagValueIdSet`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleRequestResourceTagValueIdSet]
+        attr_accessor :tag_value_id_set
         def initialize(**args)
            update!(**args)
@@ -437,73 +424,72 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @description = args[:description] if args.key?(:description)
-          @expression = args[:expression] if args.key?(:expression)
-          @location = args[:location] if args.key?(:location)
-          @title = args[:title] if args.key?(:title)
+          @iam_service_account = args[:iam_service_account] if args.key?(:iam_service_account)
+          @tag_value_id_set = args[:tag_value_id_set] if args.key?(:tag_value_id_set)
         end
       end
-      # Message describing Endpoint object
-      class FirewallEndpoint
+      # Describes a set of resource tag value permanent IDs to match against the
+      # resource manager tags value associated with the source VM of a request.
+      class AuthzPolicyAuthzRuleRequestResourceTagValueIdSet
         include Google::Apis::Core::Hashable
-        # Output only. List of networks that are associated with this endpoint in the
-        # local zone. This is a projection of the FirewallEndpointAssociations pointing
-        # at this endpoint. A network will only appear in this list after traffic
-        # routing is fully configured. Format: projects/`project`/global/networks/`name`.
-        # Corresponds to the JSON property `associatedNetworks`
-        # @return [Array<String>]
-        attr_accessor :associated_networks
+        # Required. A list of resource tag value permanent IDs to match against the
+        # resource manager tags value associated with the source VM of a request. The
+        # match follows AND semantics which means all the ids must match. Limited to 5
+        # matches.
+        # Corresponds to the JSON property `ids`
+        # @return [Array<Fixnum>]
+        attr_accessor :ids
-        # Output only. List of FirewallEndpointAssociations that are associated to this
-        # endpoint. An association will only appear in this list after traffic routing
-        # is fully configured.
-        # Corresponds to the JSON property `associations`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
-        attr_accessor :associations
+        def initialize(**args)
+           update!(**args)
+        end
-        # Required. Project to bill on endpoint uptime usage.
-        # Corresponds to the JSON property `billingProjectId`
-        # @return [String]
-        attr_accessor :billing_project_id
+        # Update properties of this object
+        def update!(**args)
+          @ids = args[:ids] if args.key?(:ids)
+        end
+      end
-        # Output only. Create time stamp
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
+      # Determines how a string value should be matched.
+      class AuthzPolicyAuthzRuleStringMatch
+        include Google::Apis::Core::Hashable
-        # Optional. Description of the firewall endpoint. Max length 2048 characters.
-        # Corresponds to the JSON property `description`
+        # The input string must have the substring specified here. Note: empty contains
+        # match is not allowed, please use regex instead. Examples: * ``abc`` matches
+        # the value ``xyz.abc.def``
+        # Corresponds to the JSON property `contains`
         # @return [String]
-        attr_accessor :description
-        # Optional. Labels as key value pairs
-        # Corresponds to the JSON property `labels`
-        # @return [Hash<String,String>]
-        attr_accessor :labels
+        attr_accessor :contains
-        # Immutable. Identifier. name of resource
-        # Corresponds to the JSON property `name`
+        # The input string must match exactly the string specified here. Examples: * ``
+        # abc`` only matches the value ``abc``.
+        # Corresponds to the JSON property `exact`
         # @return [String]
-        attr_accessor :name
+        attr_accessor :exact
-        # Output only. Whether reconciling is in progress, recommended per https://
-        # google.aip.dev/128.
-        # Corresponds to the JSON property `reconciling`
+        # If true, indicates the exact/prefix/suffix/contains matching should be case
+        # insensitive. For example, the matcher ``data`` will match both input string ``
+        # Data`` and ``data`` if set to true.
+        # Corresponds to the JSON property `ignoreCase`
         # @return [Boolean]
-        attr_accessor :reconciling
-        alias_method :reconciling?, :reconciling
+        attr_accessor :ignore_case
+        alias_method :ignore_case?, :ignore_case
-        # Output only. Current state of the endpoint.
-        # Corresponds to the JSON property `state`
+        # The input string must have the prefix specified here. Note: empty prefix is
+        # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
+        # abc.xyz``
+        # Corresponds to the JSON property `prefix`
         # @return [String]
-        attr_accessor :state
+        attr_accessor :prefix
-        # Output only. Update time stamp
-        # Corresponds to the JSON property `updateTime`
+        # The input string must have the suffix specified here. Note: empty prefix is
+        # not allowed, please use regex instead. Examples: * ``abc`` matches the value ``
+        # xyz.abc``
+        # Corresponds to the JSON property `suffix`
         # @return [String]
-        attr_accessor :update_time
+        attr_accessor :suffix
         def initialize(**args)
            update!(**args)
@@ -511,76 +497,77 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
-          @associations = args[:associations] if args.key?(:associations)
-          @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @labels = args[:labels] if args.key?(:labels)
-          @name = args[:name] if args.key?(:name)
-          @reconciling = args[:reconciling] if args.key?(:reconciling)
-          @state = args[:state] if args.key?(:state)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @contains = args[:contains] if args.key?(:contains)
+          @exact = args[:exact] if args.key?(:exact)
+          @ignore_case = args[:ignore_case] if args.key?(:ignore_case)
+          @prefix = args[:prefix] if args.key?(:prefix)
+          @suffix = args[:suffix] if args.key?(:suffix)
         end
       end
-      # Message describing Association object
-      class FirewallEndpointAssociation
+      # Describes properties of one or more targets of a request.
+      class AuthzPolicyAuthzRuleTo
         include Google::Apis::Core::Hashable
-        # Output only. Create time stamp
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Whether the association is disabled. True indicates that traffic won'
-        # t be intercepted
-        # Corresponds to the JSON property `disabled`
-        # @return [Boolean]
-        attr_accessor :disabled
-        alias_method :disabled?, :disabled
-        # Required. The URL of the FirewallEndpoint that is being associated.
-        # Corresponds to the JSON property `firewallEndpoint`
-        # @return [String]
-        attr_accessor :firewall_endpoint
+        # Optional. Describes the negated properties of the targets of a request.
+        # Matches requests for operations that do not match the criteria specified in
+        # this field. At least one of operations or notOperations must be specified.
+        # Corresponds to the JSON property `notOperations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
+        attr_accessor :not_operations
+        # Optional. Describes properties of one or more targets of a request. At least
+        # one of operations or notOperations must be specified. Limited to 1 operation.
+        # A match occurs when ANY operation (in operations or notOperations) matches.
+        # Within an operation, the match follows AND semantics across fields and OR
+        # semantics within a field, i.e. a match occurs when ANY path matches AND ANY
+        # header matches and ANY method matches.
+        # Corresponds to the JSON property `operations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperation>]
+        attr_accessor :operations
-        # Optional. Labels as key value pairs
-        # Corresponds to the JSON property `labels`
-        # @return [Hash<String,String>]
-        attr_accessor :labels
+        def initialize(**args)
+           update!(**args)
+        end
-        # Immutable. Identifier. name of resource
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
+        # Update properties of this object
+        def update!(**args)
+          @not_operations = args[:not_operations] if args.key?(:not_operations)
+          @operations = args[:operations] if args.key?(:operations)
+        end
+      end
-        # Required. The URL of the network that is being associated.
-        # Corresponds to the JSON property `network`
-        # @return [String]
-        attr_accessor :network
+      # Describes properties of one or more targets of a request.
+      class AuthzPolicyAuthzRuleToRequestOperation
+        include Google::Apis::Core::Hashable
-        # Output only. Whether reconciling is in progress, recommended per https://
-        # google.aip.dev/128.
-        # Corresponds to the JSON property `reconciling`
-        # @return [Boolean]
-        attr_accessor :reconciling
-        alias_method :reconciling?, :reconciling
+        # Describes a set of HTTP headers to match against.
+        # Corresponds to the JSON property `headerSet`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleToRequestOperationHeaderSet]
+        attr_accessor :header_set
-        # Output only. Current state of the association.
-        # Corresponds to the JSON property `state`
-        # @return [String]
-        attr_accessor :state
+        # Optional. A list of HTTP Hosts to match against. The match can be one of exact,
+        # prefix, suffix, or contains (substring match). Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches.
+        # Corresponds to the JSON property `hosts`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :hosts
-        # Optional. The URL of the TlsInspectionPolicy that is being associated.
-        # Corresponds to the JSON property `tlsInspectionPolicy`
-        # @return [String]
-        attr_accessor :tls_inspection_policy
+        # Optional. A list of HTTP methods to match against. Each entry must be a valid
+        # HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only
+        # allows exact match and is always case sensitive.
+        # Corresponds to the JSON property `methods`
+        # @return [Array<String>]
+        attr_accessor :methods_prop
-        # Output only. Update time stamp
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Optional. A list of paths to match against. The match can be one of exact,
+        # prefix, suffix, or contains (substring match). Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this
+        # path match includes the query parameters. For gRPC services, this should be a
+        # fully-qualified name of the form /package.service/method.
+        # Corresponds to the JSON property `paths`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleStringMatch>]
+        attr_accessor :paths
         def initialize(**args)
            update!(**args)
@@ -588,35 +575,24 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @disabled = args[:disabled] if args.key?(:disabled)
-          @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
-          @labels = args[:labels] if args.key?(:labels)
-          @name = args[:name] if args.key?(:name)
-          @network = args[:network] if args.key?(:network)
-          @reconciling = args[:reconciling] if args.key?(:reconciling)
-          @state = args[:state] if args.key?(:state)
-          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @header_set = args[:header_set] if args.key?(:header_set)
+          @hosts = args[:hosts] if args.key?(:hosts)
+          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
+          @paths = args[:paths] if args.key?(:paths)
         end
       end
-      # This is a subset of the FirewallEndpointAssociation message, containing fields
-      # to be used by the consumer.
-      class FirewallEndpointAssociationReference
+      # Describes a set of HTTP headers to match against.
+      class AuthzPolicyAuthzRuleToRequestOperationHeaderSet
         include Google::Apis::Core::Hashable
-        # Output only. The resource name of the FirewallEndpointAssociation. Format:
-        # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Output only. The VPC network associated. Format: projects/`project`/global/
-        # networks/`name`.
-        # Corresponds to the JSON property `network`
-        # @return [String]
-        attr_accessor :network
+        # Required. A list of headers to match against in http header. The match can be
+        # one of exact, prefix, suffix, or contains (substring match). The match follows
+        # AND semantics which means all the headers must match. Matches are always case
+        # sensitive unless the ignoreCase is set. Limited to 5 matches.
+        # Corresponds to the JSON property `headers`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicyAuthzRuleHeaderMatch>]
+        attr_accessor :headers
         def initialize(**args)
            update!(**args)
@@ -624,44 +600,29 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @name = args[:name] if args.key?(:name)
-          @network = args[:network] if args.key?(:network)
+          @headers = args[:headers] if args.key?(:headers)
         end
       end
-      # The GatewaySecurityPolicy resource contains a collection of
-      # GatewaySecurityPolicyRules and associated metadata.
-      class GatewaySecurityPolicy
+      # Allows delegating authorization decisions to Cloud IAP or to Service
+      # Extensions.
+      class AuthzPolicyCustomProvider
         include Google::Apis::Core::Hashable
-        # Output only. The timestamp when the resource was created.
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Free-text description of the resource.
-        # Corresponds to the JSON property `description`
-        # @return [String]
-        attr_accessor :description
-        # Required. Name of the resource. Name is of the form projects/`project`/
-        # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
-        # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
-        # 9])?$).
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Optional. Name of a TLS Inspection Policy resource that defines how TLS
-        # inspection will be performed for any rule(s) which enables it.
-        # Corresponds to the JSON property `tlsInspectionPolicy`
-        # @return [String]
-        attr_accessor :tls_inspection_policy
-        # Output only. The timestamp when the resource was updated.
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Optional. Delegate authorization decision to user authored extension. Only one
+        # of cloudIap or authzExtension can be specified.
+        # Corresponds to the JSON property `authzExtension`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderAuthzExtension]
+        attr_accessor :authz_extension
+        # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
+        # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
+        # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
+        # places will result in request failure. Ensure that IAP is enabled in either
+        # the AuthzPolicy or the BackendService but not in both places.
+        # Corresponds to the JSON property `cloudIap`
+        # @return [Google::Apis::NetworksecurityV1beta1::AuthzPolicyCustomProviderCloudIap]
+        attr_accessor :cloud_iap
         def initialize(**args)
            update!(**args)
@@ -669,75 +630,21 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @name = args[:name] if args.key?(:name)
-          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @authz_extension = args[:authz_extension] if args.key?(:authz_extension)
+          @cloud_iap = args[:cloud_iap] if args.key?(:cloud_iap)
         end
       end
-      # The GatewaySecurityPolicyRule resource is in a nested collection within a
-      # GatewaySecurityPolicy and represents a traffic matching condition and
-      # associated action to perform.
-      class GatewaySecurityPolicyRule
+      # Optional. Delegate authorization decision to user authored extension. Only one
+      # of cloudIap or authzExtension can be specified.
+      class AuthzPolicyCustomProviderAuthzExtension
         include Google::Apis::Core::Hashable
-        # Optional. CEL expression for matching on L7/application level criteria.
-        # Corresponds to the JSON property `applicationMatcher`
-        # @return [String]
-        attr_accessor :application_matcher
-        # Required. Profile which tells what the primitive action should be.
-        # Corresponds to the JSON property `basicProfile`
-        # @return [String]
-        attr_accessor :basic_profile
-        # Output only. Time when the rule was created.
-        # Corresponds to the JSON property `createTime`
-        # @return [String]
-        attr_accessor :create_time
-        # Optional. Free-text description of the resource.
-        # Corresponds to the JSON property `description`
-        # @return [String]
-        attr_accessor :description
-        # Required. Whether the rule is enforced.
-        # Corresponds to the JSON property `enabled`
-        # @return [Boolean]
-        attr_accessor :enabled
-        alias_method :enabled?, :enabled
-        # Required. Immutable. Name of the resource. ame is the full resource name so
-        # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
-        # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
-        # a-z0-9-]`0,61`[a-z0-9])?$).
-        # Corresponds to the JSON property `name`
-        # @return [String]
-        attr_accessor :name
-        # Required. Priority of the rule. Lower number corresponds to higher precedence.
-        # Corresponds to the JSON property `priority`
-        # @return [Fixnum]
-        attr_accessor :priority
-        # Required. CEL expression for matching on session criteria.
-        # Corresponds to the JSON property `sessionMatcher`
-        # @return [String]
-        attr_accessor :session_matcher
-        # Optional. Flag to enable TLS inspection of traffic matching on , can only be
-        # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
-        # Corresponds to the JSON property `tlsInspectionEnabled`
-        # @return [Boolean]
-        attr_accessor :tls_inspection_enabled
-        alias_method :tls_inspection_enabled?, :tls_inspection_enabled
-        # Output only. Time when the rule was updated.
-        # Corresponds to the JSON property `updateTime`
-        # @return [String]
-        attr_accessor :update_time
+        # Required. A list of references to authorization extensions that will be
+        # invoked for requests matching this policy. Limited to 1 custom provider.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<String>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
@@ -745,57 +652,45 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
-          @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
-          @create_time = args[:create_time] if args.key?(:create_time)
-          @description = args[:description] if args.key?(:description)
-          @enabled = args[:enabled] if args.key?(:enabled)
-          @name = args[:name] if args.key?(:name)
-          @priority = args[:priority] if args.key?(:priority)
-          @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
-          @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
-          @update_time = args[:update_time] if args.key?(:update_time)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Specification of certificate provider. Defines the mechanism to obtain the
-      # certificate and private key for peer to peer authentication.
-      class GoogleCloudNetworksecurityV1beta1CertificateProvider
+      # Optional. Delegates authorization decisions to Cloud IAP. Applicable only for
+      # managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not
+      # compatible with Cloud IAP settings in the BackendService. Enabling IAP in both
+      # places will result in request failure. Ensure that IAP is enabled in either
+      # the AuthzPolicy or the BackendService but not in both places.
+      class AuthzPolicyCustomProviderCloudIap
         include Google::Apis::Core::Hashable
-        # Specification of a TLS certificate provider instance. Workloads may have one
-        # or more CertificateProvider instances (plugins) and one of them is enabled and
-        # configured by specifying this message. Workloads use the values from this
-        # message to locate and load the CertificateProvider instance configuration.
-        # Corresponds to the JSON property `certificateProviderInstance`
-        # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
-        attr_accessor :certificate_provider_instance
-        # Specification of the GRPC Endpoint.
-        # Corresponds to the JSON property `grpcEndpoint`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
-        attr_accessor :grpc_endpoint
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
-          @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
-          @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
         end
       end
-      # Specification of the GRPC Endpoint.
-      class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
+      # Specifies the set of targets to which this policy should be applied to.
+      class AuthzPolicyTarget
         include Google::Apis::Core::Hashable
-        # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
-        # should start with "unix:".
-        # Corresponds to the JSON property `targetUri`
+        # Required. All gateways and forwarding rules referenced by this policy and
+        # extensions must share the same load balancing scheme. Supported values: `
+        # INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [
+        # Backend services overview](https://cloud.google.com/load-balancing/docs/
+        # backend-service).
+        # Corresponds to the JSON property `loadBalancingScheme`
         # @return [String]
-        attr_accessor :target_uri
+        attr_accessor :load_balancing_scheme
+        # Required. A list of references to the Forwarding Rules on which this policy
+        # will be applied.
+        # Corresponds to the JSON property `resources`
+        # @return [Array<String>]
+        attr_accessor :resources
         def initialize(**args)
            update!(**args)
@@ -803,69 +698,974 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @target_uri = args[:target_uri] if args.key?(:target_uri)
+          @load_balancing_scheme = args[:load_balancing_scheme] if args.key?(:load_balancing_scheme)
+          @resources = args[:resources] if args.key?(:resources)
         end
       end
-      # Specifies the audit configuration for a service. The configuration determines
-      # which permission types are logged, and what identities, if any, are exempted
-      # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
-      # are AuditConfigs for both `allServices` and a specific service, the union of
-      # the two AuditConfigs is used for that service: the log_types specified in each
-      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
-      # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
-      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
-      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
-      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
-      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
-      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
-      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
-      # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
-      # from DATA_WRITE logging.
-      class GoogleIamV1AuditConfig
+      # The request message for Operations.CancelOperation.
+      class CancelOperationRequest
         include Google::Apis::Core::Hashable
-        # The configuration for logging of each type of permission.
-        # Corresponds to the JSON property `auditLogConfigs`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
-        attr_accessor :audit_log_configs
-        # Specifies a service that will be enabled for audit logging. For example, `
-        # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
-        # value that covers all services.
-        # Corresponds to the JSON property `service`
-        # @return [String]
-        attr_accessor :service
         def initialize(**args)
            update!(**args)
         end
         # Update properties of this object
         def update!(**args)
-          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
-          @service = args[:service] if args.key?(:service)
         end
       end
-      # Provides the configuration for logging a type of permissions. Example: ` "
-      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
-      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
-      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
-      # DATA_READ logging.
+      # Specification of a TLS certificate provider instance. Workloads may have one
+      # or more CertificateProvider instances (plugins) and one of them is enabled and
+      # configured by specifying this message. Workloads use the values from this
+      # message to locate and load the CertificateProvider instance configuration.
+      class CertificateProviderInstance
+        include Google::Apis::Core::Hashable
+        # Required. Plugin instance name, used to locate and load CertificateProvider
+        # instance configuration. Set to "google_cloud_private_spiffe" to use
+        # Certificate Authority Service certificate provider instance.
+        # Corresponds to the JSON property `pluginInstance`
+        # @return [String]
+        attr_accessor :plugin_instance
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @plugin_instance = args[:plugin_instance] if args.key?(:plugin_instance)
+        end
+      end
+      # ClientTlsPolicy is a resource that specifies how a client should authenticate
+      # connections to backends of a service. This resource itself does not affect
+      # configuration unless it is attached to a backend service resource.
+      class ClientTlsPolicy
+        include Google::Apis::Core::Hashable
+        # Specification of certificate provider. Defines the mechanism to obtain the
+        # certificate and private key for peer to peer authentication.
+        # Corresponds to the JSON property `clientCertificate`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1CertificateProvider]
+        attr_accessor :client_certificate
+        # Output only. The timestamp when the resource was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Optional. Set of label tags associated with the resource.
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Name of the ClientTlsPolicy resource. It matches the pattern `
+        # projects/*/locations/`location`/clientTlsPolicies/`client_tls_policy``
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Optional. Defines the mechanism to obtain the Certificate Authority
+        # certificate to validate the server certificate. If empty, client does not
+        # validate the server certificate.
+        # Corresponds to the JSON property `serverValidationCa`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::ValidationCa>]
+        attr_accessor :server_validation_ca
+        # Optional. Server Name Indication string to present to the server during TLS
+        # handshake. E.g: "secure.example.com".
+        # Corresponds to the JSON property `sni`
+        # @return [String]
+        attr_accessor :sni
+        # Output only. The timestamp when the resource was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @client_certificate = args[:client_certificate] if args.key?(:client_certificate)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @server_validation_ca = args[:server_validation_ca] if args.key?(:server_validation_ca)
+          @sni = args[:sni] if args.key?(:sni)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Request used by the CloneAddressGroupItems method.
+      class CloneAddressGroupItemsRequest
+        include Google::Apis::Core::Hashable
+        # Optional. An optional request ID to identify requests. Specify a unique
+        # request ID so that if you must retry your request, the server will know to
+        # ignore the request if it has already been completed. The server will guarantee
+        # that for at least 60 minutes since the first request. For example, consider a
+        # situation where you make an initial request and the request times out. If you
+        # make the request again with the same request ID, the server can check if
+        # original operation with the same request ID was received, and if so, will
+        # ignore the second request. This prevents clients from accidentally creating
+        # duplicate commitments. The request ID must be a valid UUID with the exception
+        # that zero UUID is not supported (00000000-0000-0000-0000-000000000000).
+        # Corresponds to the JSON property `requestId`
+        # @return [String]
+        attr_accessor :request_id
+        # Required. Source address group to clone items from.
+        # Corresponds to the JSON property `sourceAddressGroup`
+        # @return [String]
+        attr_accessor :source_address_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @request_id = args[:request_id] if args.key?(:request_id)
+          @source_address_group = args[:source_address_group] if args.key?(:source_address_group)
+        end
+      end
+      # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
+      # intercept traffic to a third-party firewall in a Firewall rule.
+      class CustomInterceptProfile
+        include Google::Apis::Core::Hashable
+        # Required. The InterceptEndpointGroup to which traffic associated with the SP
+        # should be mirrored.
+        # Corresponds to the JSON property `interceptEndpointGroup`
+        # @return [String]
+        attr_accessor :intercept_endpoint_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
+        end
+      end
+      # CustomMirroringProfile defines an action for mirroring traffic to a collector'
+      # s EndpointGroup
+      class CustomMirroringProfile
+        include Google::Apis::Core::Hashable
+        # Required. The MirroringEndpointGroup to which traffic associated with the SP
+        # should be mirrored.
+        # Corresponds to the JSON property `mirroringEndpointGroup`
+        # @return [String]
+        attr_accessor :mirroring_endpoint_group
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
+        end
+      end
+      # Specification of traffic destination attributes.
+      class Destination
+        include Google::Apis::Core::Hashable
+        # Required. List of host names to match. Matched against the ":authority" header
+        # in http requests. At least one host should match. Each host can be an exact
+        # match, or a prefix match (example "mydomain.*") or a suffix match (example "*.
+        # myorg.com") or a presence (any) match "*".
+        # Corresponds to the JSON property `hosts`
+        # @return [Array<String>]
+        attr_accessor :hosts
+        # Specification of HTTP header match attributes.
+        # Corresponds to the JSON property `httpHeaderMatch`
+        # @return [Google::Apis::NetworksecurityV1beta1::HttpHeaderMatch]
+        attr_accessor :http_header_match
+        # Optional. A list of HTTP methods to match. At least one method should match.
+        # Should not be set for gRPC services.
+        # Corresponds to the JSON property `methods`
+        # @return [Array<String>]
+        attr_accessor :methods_prop
+        # Required. List of destination ports to match. At least one port should match.
+        # Corresponds to the JSON property `ports`
+        # @return [Array<Fixnum>]
+        attr_accessor :ports
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @hosts = args[:hosts] if args.key?(:hosts)
+          @http_header_match = args[:http_header_match] if args.key?(:http_header_match)
+          @methods_prop = args[:methods_prop] if args.key?(:methods_prop)
+          @ports = args[:ports] if args.key?(:ports)
+        end
+      end
+      # A generic empty message that you can re-use to avoid defining duplicated empty
+      # messages in your APIs. A typical example is to use it as the request or the
+      # response type of an API method. For instance: service Foo ` rpc Bar(google.
+      # protobuf.Empty) returns (google.protobuf.Empty); `
+      class Empty
+        include Google::Apis::Core::Hashable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+        end
+      end
+      # Represents a textual expression in the Common Expression Language (CEL) syntax.
+      # CEL is a C-like expression language. The syntax and semantics of CEL are
+      # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+      # "Summary size limit" description: "Determines if a summary is less than 100
+      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+      # Requestor is owner" description: "Determines if requestor is the document
+      # owner" expression: "document.owner == request.auth.claims.email" Example (
+      # Logic): title: "Public documents" description: "Determine whether the document
+      # should be publicly visible" expression: "document.type != 'private' &&
+      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+      # string" description: "Create a notification string with a timestamp."
+      # expression: "'New message received at ' + string(document.create_time)" The
+      # exact variables and functions that may be referenced within an expression are
+      # determined by the service that evaluates it. See the service documentation for
+      # additional information.
+      class Expr
+        include Google::Apis::Core::Hashable
+        # Optional. Description of the expression. This is a longer text which describes
+        # the expression, e.g. when hovered over it in a UI.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Textual representation of an expression in Common Expression Language syntax.
+        # Corresponds to the JSON property `expression`
+        # @return [String]
+        attr_accessor :expression
+        # Optional. String indicating the location of the expression for error reporting,
+        # e.g. a file name and a position in the file.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+        # Optional. Title for the expression, i.e. a short string describing its purpose.
+        # This can be used e.g. in UIs which allow to enter the expression.
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @description = args[:description] if args.key?(:description)
+          @expression = args[:expression] if args.key?(:expression)
+          @location = args[:location] if args.key?(:location)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      # Message describing Endpoint object
+      class FirewallEndpoint
+        include Google::Apis::Core::Hashable
+        # Output only. List of networks that are associated with this endpoint in the
+        # local zone. This is a projection of the FirewallEndpointAssociations pointing
+        # at this endpoint. A network will only appear in this list after traffic
+        # routing is fully configured. Format: projects/`project`/global/networks/`name`.
+        # Corresponds to the JSON property `associatedNetworks`
+        # @return [Array<String>]
+        attr_accessor :associated_networks
+        # Output only. List of FirewallEndpointAssociations that are associated to this
+        # endpoint. An association will only appear in this list after traffic routing
+        # is fully configured.
+        # Corresponds to the JSON property `associations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::FirewallEndpointAssociationReference>]
+        attr_accessor :associations
+        # Required. Project to bill on endpoint uptime usage.
+        # Corresponds to the JSON property `billingProjectId`
+        # @return [String]
+        attr_accessor :billing_project_id
+        # Output only. Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Description of the firewall endpoint. Max length 2048 characters.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. name of resource
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @associated_networks = args[:associated_networks] if args.key?(:associated_networks)
+          @associations = args[:associations] if args.key?(:associations)
+          @billing_project_id = args[:billing_project_id] if args.key?(:billing_project_id)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing Association object
+      class FirewallEndpointAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Whether the association is disabled. True indicates that traffic won'
+        # t be intercepted
+        # Corresponds to the JSON property `disabled`
+        # @return [Boolean]
+        attr_accessor :disabled
+        alias_method :disabled?, :disabled
+        # Required. The URL of the FirewallEndpoint that is being associated.
+        # Corresponds to the JSON property `firewallEndpoint`
+        # @return [String]
+        attr_accessor :firewall_endpoint
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. name of resource
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. The URL of the network that is being associated.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Optional. The URL of the TlsInspectionPolicy that is being associated.
+        # Corresponds to the JSON property `tlsInspectionPolicy`
+        # @return [String]
+        attr_accessor :tls_inspection_policy
+        # Output only. Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @disabled = args[:disabled] if args.key?(:disabled)
+          @firewall_endpoint = args[:firewall_endpoint] if args.key?(:firewall_endpoint)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # This is a subset of the FirewallEndpointAssociation message, containing fields
+      # to be used by the consumer.
+      class FirewallEndpointAssociationReference
+        include Google::Apis::Core::Hashable
+        # Output only. The resource name of the FirewallEndpointAssociation. Format:
+        # projects/`project`/locations/`location`/firewallEndpointAssociations/`id`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The VPC network associated. Format: projects/`project`/global/
+        # networks/`name`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+        end
+      end
+      # The GatewaySecurityPolicy resource contains a collection of
+      # GatewaySecurityPolicyRules and associated metadata.
+      class GatewaySecurityPolicy
+        include Google::Apis::Core::Hashable
+        # Output only. The timestamp when the resource was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Name of the resource. Name is of the form projects/`project`/
+        # locations/`location`/gatewaySecurityPolicies/`gateway_security_policy`
+        # gateway_security_policy should match the pattern:(^[a-z]([a-z0-9-]`0,61`[a-z0-
+        # 9])?$).
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Optional. Name of a TLS Inspection Policy resource that defines how TLS
+        # inspection will be performed for any rule(s) which enables it.
+        # Corresponds to the JSON property `tlsInspectionPolicy`
+        # @return [String]
+        attr_accessor :tls_inspection_policy
+        # Output only. The timestamp when the resource was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @name = args[:name] if args.key?(:name)
+          @tls_inspection_policy = args[:tls_inspection_policy] if args.key?(:tls_inspection_policy)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # The GatewaySecurityPolicyRule resource is in a nested collection within a
+      # GatewaySecurityPolicy and represents a traffic matching condition and
+      # associated action to perform.
+      class GatewaySecurityPolicyRule
+        include Google::Apis::Core::Hashable
+        # Optional. CEL expression for matching on L7/application level criteria.
+        # Corresponds to the JSON property `applicationMatcher`
+        # @return [String]
+        attr_accessor :application_matcher
+        # Required. Profile which tells what the primitive action should be.
+        # Corresponds to the JSON property `basicProfile`
+        # @return [String]
+        attr_accessor :basic_profile
+        # Output only. Time when the rule was created.
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Free-text description of the resource.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Whether the rule is enforced.
+        # Corresponds to the JSON property `enabled`
+        # @return [Boolean]
+        attr_accessor :enabled
+        alias_method :enabled?, :enabled
+        # Required. Immutable. Name of the resource. ame is the full resource name so
+        # projects/`project`/locations/`location`/gatewaySecurityPolicies/`
+        # gateway_security_policy`/rules/`rule` rule should match the pattern: (^[a-z]([
+        # a-z0-9-]`0,61`[a-z0-9])?$).
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Priority of the rule. Lower number corresponds to higher precedence.
+        # Corresponds to the JSON property `priority`
+        # @return [Fixnum]
+        attr_accessor :priority
+        # Required. CEL expression for matching on session criteria.
+        # Corresponds to the JSON property `sessionMatcher`
+        # @return [String]
+        attr_accessor :session_matcher
+        # Optional. Flag to enable TLS inspection of traffic matching on , can only be
+        # true if the parent GatewaySecurityPolicy references a TLSInspectionConfig.
+        # Corresponds to the JSON property `tlsInspectionEnabled`
+        # @return [Boolean]
+        attr_accessor :tls_inspection_enabled
+        alias_method :tls_inspection_enabled?, :tls_inspection_enabled
+        # Output only. Time when the rule was updated.
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @application_matcher = args[:application_matcher] if args.key?(:application_matcher)
+          @basic_profile = args[:basic_profile] if args.key?(:basic_profile)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @enabled = args[:enabled] if args.key?(:enabled)
+          @name = args[:name] if args.key?(:name)
+          @priority = args[:priority] if args.key?(:priority)
+          @session_matcher = args[:session_matcher] if args.key?(:session_matcher)
+          @tls_inspection_enabled = args[:tls_inspection_enabled] if args.key?(:tls_inspection_enabled)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Specification of certificate provider. Defines the mechanism to obtain the
+      # certificate and private key for peer to peer authentication.
+      class GoogleCloudNetworksecurityV1beta1CertificateProvider
+        include Google::Apis::Core::Hashable
+        # Specification of a TLS certificate provider instance. Workloads may have one
+        # or more CertificateProvider instances (plugins) and one of them is enabled and
+        # configured by specifying this message. Workloads use the values from this
+        # message to locate and load the CertificateProvider instance configuration.
+        # Corresponds to the JSON property `certificateProviderInstance`
+        # @return [Google::Apis::NetworksecurityV1beta1::CertificateProviderInstance]
+        attr_accessor :certificate_provider_instance
+        # Specification of the GRPC Endpoint.
+        # Corresponds to the JSON property `grpcEndpoint`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleCloudNetworksecurityV1beta1GrpcEndpoint]
+        attr_accessor :grpc_endpoint
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @certificate_provider_instance = args[:certificate_provider_instance] if args.key?(:certificate_provider_instance)
+          @grpc_endpoint = args[:grpc_endpoint] if args.key?(:grpc_endpoint)
+        end
+      end
+      # Specification of the GRPC Endpoint.
+      class GoogleCloudNetworksecurityV1beta1GrpcEndpoint
+        include Google::Apis::Core::Hashable
+        # Required. The target URI of the gRPC endpoint. Only UDS path is supported, and
+        # should start with "unix:".
+        # Corresponds to the JSON property `targetUri`
+        # @return [String]
+        attr_accessor :target_uri
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @target_uri = args[:target_uri] if args.key?(:target_uri)
+        end
+      end
+      # Specifies the audit configuration for a service. The configuration determines
+      # which permission types are logged, and what identities, if any, are exempted
+      # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
+      # are AuditConfigs for both `allServices` and a specific service, the union of
+      # the two AuditConfigs is used for that service: the log_types specified in each
+      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
+      # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
+      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
+      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
+      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
+      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
+      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
+      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
+      # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
+      # from DATA_WRITE logging.
+      class GoogleIamV1AuditConfig
+        include Google::Apis::Core::Hashable
+        # The configuration for logging of each type of permission.
+        # Corresponds to the JSON property `auditLogConfigs`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditLogConfig>]
+        attr_accessor :audit_log_configs
+        # Specifies a service that will be enabled for audit logging. For example, `
+        # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
+        # value that covers all services.
+        # Corresponds to the JSON property `service`
+        # @return [String]
+        attr_accessor :service
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
+          @service = args[:service] if args.key?(:service)
+        end
+      end
+      # Provides the configuration for logging a type of permissions. Example: ` "
+      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
+      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
+      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
+      # DATA_READ logging.
       class GoogleIamV1AuditLogConfig
         include Google::Apis::Core::Hashable
-        # Specifies the identities that do not cause logging for this type of permission.
-        # Follows the same format of Binding.members.
-        # Corresponds to the JSON property `exemptedMembers`
-        # @return [Array<String>]
-        attr_accessor :exempted_members
+        # Specifies the identities that do not cause logging for this type of permission.
+        # Follows the same format of Binding.members.
+        # Corresponds to the JSON property `exemptedMembers`
+        # @return [Array<String>]
+        attr_accessor :exempted_members
+        # The log type that this config enables.
+        # Corresponds to the JSON property `logType`
+        # @return [String]
+        attr_accessor :log_type
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
+          @log_type = args[:log_type] if args.key?(:log_type)
+        end
+      end
+      # Associates `members`, or principals, with a `role`.
+      class GoogleIamV1Binding
+        include Google::Apis::Core::Hashable
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+        # "Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `condition`
+        # @return [Google::Apis::NetworksecurityV1beta1::Expr]
+        attr_accessor :condition
+        # Specifies the principals requesting access for a Google Cloud resource. `
+        # members` can have the following values: * `allUsers`: A special identifier
+        # that represents anyone who is on the internet; with or without a Google
+        # account. * `allAuthenticatedUsers`: A special identifier that represents
+        # anyone who is authenticated with a Google account or a service account. Does
+        # not include identities that come from external identity providers (IdPs)
+        # through identity federation. * `user:`emailid``: An email address that
+        # represents a specific Google account. For example, `alice@example.com` . * `
+        # serviceAccount:`emailid``: An email address that represents a Google service
+        # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
+        # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
+        # identifier for a [Kubernetes service account](https://cloud.google.com/
+        # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
+        # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
+        # email address that represents a Google group. For example, `admins@example.com`
+        # . * `domain:`domain``: The G Suite domain (primary) that represents all the
+        # users of that domain. For example, `google.com` or `example.com`. * `principal:
+        # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
+        # subject_attribute_value``: A single identity in a workforce identity pool. * `
+        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
+        # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
+        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
+        # attribute_name`/`attribute_value``: All workforce identities with a specific
+        # attribute value. * `principalSet://iam.googleapis.com/locations/global/
+        # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
+        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
+        # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
+        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
+        # group/`group_id``: A workload identity pool group. * `principalSet://iam.
+        # googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
+        # All identities in a workload identity pool with a certain attribute. * `
+        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
+        # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
+        # identifier) representing a user that has been recently deleted. For example, `
+        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
+        # value reverts to `user:`emailid`` and the recovered user retains the role in
+        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
+        # address (plus unique identifier) representing a service account that has been
+        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
+        # 123456789012345678901`. If the service account is undeleted, this value
+        # reverts to `serviceAccount:`emailid`` and the undeleted service account
+        # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
+        # An email address (plus unique identifier) representing a Google group that has
+        # been recently deleted. For example, `admins@example.com?uid=
+        # 123456789012345678901`. If the group is recovered, this value reverts to `
+        # group:`emailid`` and the recovered group retains the role in the binding. * `
+        # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
+        # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
+        # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
+        # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
+        # Corresponds to the JSON property `members`
+        # @return [Array<String>]
+        attr_accessor :members
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
+        # roles and permissions, see the [IAM documentation](https://cloud.google.com/
+        # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
+        # here](https://cloud.google.com/iam/docs/understanding-roles).
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @condition = args[:condition] if args.key?(:condition)
+          @members = args[:members] if args.key?(:members)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      # An Identity and Access Management (IAM) policy, which specifies access
+      # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
+      # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
+      # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
+      # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+      # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
+      # title: expirable access description: Does not grant access after Sep 2020
+      # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
+      # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
+      # [IAM documentation](https://cloud.google.com/iam/docs/).
+      class GoogleIamV1Policy
+        include Google::Apis::Core::Hashable
+        # Specifies cloud audit logging configuration for this policy.
+        # Corresponds to the JSON property `auditConfigs`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
+        attr_accessor :audit_configs
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
+        # Corresponds to the JSON property `bindings`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
+        attr_accessor :bindings
+        # `etag` is used for optimistic concurrency control as a way to help prevent
+        # simultaneous updates of a policy from overwriting each other. It is strongly
+        # suggested that systems make use of the `etag` in the read-modify-write cycle
+        # to perform policy updates in order to avoid race conditions: An `etag` is
+        # returned in the response to `getIamPolicy`, and systems are expected to put
+        # that etag in the request to `setIamPolicy` to ensure that their change will be
+        # applied to the same version of the policy. **Important:** If you use IAM
+        # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
+        # If you omit this field, then IAM allows you to overwrite a version `3` policy
+        # with a version `1` policy, and all of the conditions in the version `3` policy
+        # are lost.
+        # Corresponds to the JSON property `etag`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :etag
+        # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
+        # Requests that specify an invalid value are rejected. Any operation that
+        # affects conditional role bindings must specify version `3`. This requirement
+        # applies to the following operations: * Getting a policy that includes a
+        # conditional role binding * Adding a conditional role binding to a policy *
+        # Changing a conditional role binding in a policy * Removing any role binding,
+        # with or without a condition, from a policy that includes conditions **
+        # Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+        # to overwrite a version `3` policy with a version `1` policy, and all of the
+        # conditions in the version `3` policy are lost. If a policy does not include
+        # any conditions, operations on that policy may specify any valid version or
+        # leave the field unset. To learn which resources support conditions in their
+        # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
+        # conditions/resource-policies).
+        # Corresponds to the JSON property `version`
+        # @return [Fixnum]
+        attr_accessor :version
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
+          @bindings = args[:bindings] if args.key?(:bindings)
+          @etag = args[:etag] if args.key?(:etag)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      # Request message for `SetIamPolicy` method.
+      class GoogleIamV1SetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+        # An Identity and Access Management (IAM) policy, which specifies access
+        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
+        # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
+        # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
+        # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+        # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
+        # title: expirable access description: Does not grant access after Sep 2020
+        # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
+        # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
+        # [IAM documentation](https://cloud.google.com/iam/docs/).
+        # Corresponds to the JSON property `policy`
+        # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
+        attr_accessor :policy
-        # The log type that this config enables.
-        # Corresponds to the JSON property `logType`
+        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+        # the fields in the mask will be modified. If no mask is provided, the following
+        # default mask is used: `paths: "bindings, etag"`
+        # Corresponds to the JSON property `updateMask`
         # @return [String]
-        attr_accessor :log_type
+        attr_accessor :update_mask
         def initialize(**args)
            update!(**args)
@@ -873,99 +1673,131 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
-          @log_type = args[:log_type] if args.key?(:log_type)
+          @policy = args[:policy] if args.key?(:policy)
+          @update_mask = args[:update_mask] if args.key?(:update_mask)
         end
       end
-      # Associates `members`, or principals, with a `role`.
-      class GoogleIamV1Binding
+      # Request message for `TestIamPermissions` method.
+      class GoogleIamV1TestIamPermissionsRequest
         include Google::Apis::Core::Hashable
-        # Represents a textual expression in the Common Expression Language (CEL) syntax.
-        # CEL is a C-like expression language. The syntax and semantics of CEL are
-        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
-        # "Summary size limit" description: "Determines if a summary is less than 100
-        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
-        # Requestor is owner" description: "Determines if requestor is the document
-        # owner" expression: "document.owner == request.auth.claims.email" Example (
-        # Logic): title: "Public documents" description: "Determine whether the document
-        # should be publicly visible" expression: "document.type != 'private' &&
-        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
-        # string" description: "Create a notification string with a timestamp."
-        # expression: "'New message received at ' + string(document.create_time)" The
-        # exact variables and functions that may be referenced within an expression are
-        # determined by the service that evaluates it. See the service documentation for
-        # additional information.
-        # Corresponds to the JSON property `condition`
-        # @return [Google::Apis::NetworksecurityV1beta1::Expr]
-        attr_accessor :condition
+        # The set of permissions to check for the `resource`. Permissions with wildcards
+        # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
+        # Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
-        # Specifies the principals requesting access for a Google Cloud resource. `
-        # members` can have the following values: * `allUsers`: A special identifier
-        # that represents anyone who is on the internet; with or without a Google
-        # account. * `allAuthenticatedUsers`: A special identifier that represents
-        # anyone who is authenticated with a Google account or a service account. Does
-        # not include identities that come from external identity providers (IdPs)
-        # through identity federation. * `user:`emailid``: An email address that
-        # represents a specific Google account. For example, `alice@example.com` . * `
-        # serviceAccount:`emailid``: An email address that represents a Google service
-        # account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
-        # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
-        # identifier for a [Kubernetes service account](https://cloud.google.com/
-        # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
-        # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
-        # email address that represents a Google group. For example, `admins@example.com`
-        # . * `domain:`domain``: The G Suite domain (primary) that represents all the
-        # users of that domain. For example, `google.com` or `example.com`. * `principal:
-        # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
-        # subject_attribute_value``: A single identity in a workforce identity pool. * `
-        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
-        # group/`group_id``: All workforce identities in a group. * `principalSet://iam.
-        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
-        # attribute_name`/`attribute_value``: All workforce identities with a specific
-        # attribute value. * `principalSet://iam.googleapis.com/locations/global/
-        # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
-        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
-        # identity in a workload identity pool. * `principalSet://iam.googleapis.com/
-        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
-        # group/`group_id``: A workload identity pool group. * `principalSet://iam.
-        # googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
-        # All identities in a workload identity pool with a certain attribute. * `
-        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
-        # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
-        # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
-        # identifier) representing a user that has been recently deleted. For example, `
-        # alice@example.com?uid=123456789012345678901`. If the user is recovered, this
-        # value reverts to `user:`emailid`` and the recovered user retains the role in
-        # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
-        # address (plus unique identifier) representing a service account that has been
-        # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
-        # 123456789012345678901`. If the service account is undeleted, this value
-        # reverts to `serviceAccount:`emailid`` and the undeleted service account
-        # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
-        # An email address (plus unique identifier) representing a Google group that has
-        # been recently deleted. For example, `admins@example.com?uid=
-        # 123456789012345678901`. If the group is recovered, this value reverts to `
-        # group:`emailid`` and the recovered group retains the role in the binding. * `
-        # deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
-        # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
-        # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
-        # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
-        # Corresponds to the JSON property `members`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      # Response message for `TestIamPermissions` method.
+      class GoogleIamV1TestIamPermissionsResponse
+        include Google::Apis::Core::Hashable
+        # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
+        # Corresponds to the JSON property `permissions`
         # @return [Array<String>]
-        attr_accessor :members
+        attr_accessor :permissions
-        # Role that is assigned to the list of `members`, or principals. For example, `
-        # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
-        # roles and permissions, see the [IAM documentation](https://cloud.google.com/
-        # iam/docs/roles-overview). For a list of the available pre-defined roles, see [
-        # here](https://cloud.google.com/iam/docs/understanding-roles).
-        # Corresponds to the JSON property `role`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      # Specification of HTTP header match attributes.
+      class HttpHeaderMatch
+        include Google::Apis::Core::Hashable
+        # Required. The name of the HTTP header to match. For matching against the HTTP
+        # request's authority, use a headerMatch with the header name ":authority". For
+        # matching a request's method, use the headerName ":method".
+        # Corresponds to the JSON property `headerName`
+        # @return [String]
+        attr_accessor :header_name
+        # Required. The value of the header must match the regular expression specified
+        # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
+        # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
+        # request, use a headerMatch with headerName set to Host and a regular
+        # expression that satisfies the RFC2616 Host header's port specifier.
+        # Corresponds to the JSON property `regexMatch`
+        # @return [String]
+        attr_accessor :regex_match
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @header_name = args[:header_name] if args.key?(:header_name)
+          @regex_match = args[:regex_match] if args.key?(:regex_match)
+        end
+      end
+      # Message describing InterceptDeployment object
+      class InterceptDeployment
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The regional load balancer which the intercepted traffic
+        # should be forwarded to. Format is: projects/`project`/regions/`region`/
+        # forwardingRules/`forwardingRule`
+        # Corresponds to the JSON property `forwardingRule`
+        # @return [String]
+        attr_accessor :forwarding_rule
+        # Required. Immutable. The Intercept Deployment Group that this resource is part
+        # of. Format is: `projects/`project`/locations/global/interceptDeploymentGroups/`
+        # interceptDeploymentGroup``
+        # Corresponds to the JSON property `interceptDeploymentGroup`
+        # @return [String]
+        attr_accessor :intercept_deployment_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. The name of the InterceptDeployment.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment.
+        # Corresponds to the JSON property `state`
         # @return [String]
-        attr_accessor :role
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -973,93 +1805,64 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @condition = args[:condition] if args.key?(:condition)
-          @members = args[:members] if args.key?(:members)
-          @role = args[:role] if args.key?(:role)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
+          @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # An Identity and Access Management (IAM) policy, which specifies access
-      # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-      # A `binding` binds one or more `members`, or principals, to a single `role`.
-      # Principals can be user accounts, service accounts, Google groups, and domains (
-      # such as G Suite). A `role` is a named list of permissions; each `role` can be
-      # an IAM predefined role or a user-created custom role. For some types of Google
-      # Cloud resources, a `binding` can also specify a `condition`, which is a
-      # logical expression that allows access to a resource only if the expression
-      # evaluates to `true`. A condition can add constraints based on attributes of
-      # the request, the resource, or both. To learn which resources support
-      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
-      # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
-      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
-      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
-      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
-      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
-      # ], "condition": ` "title": "expirable access", "description": "Does not grant
-      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
-      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
-      # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
-      # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
-      # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
-      # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
-      # title: expirable access description: Does not grant access after Sep 2020
-      # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
-      # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
-      # [IAM documentation](https://cloud.google.com/iam/docs/).
-      class GoogleIamV1Policy
+      # Message describing InterceptDeploymentGroup object
+      class InterceptDeploymentGroup
         include Google::Apis::Core::Hashable
-        # Specifies cloud audit logging configuration for this policy.
-        # Corresponds to the JSON property `auditConfigs`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1AuditConfig>]
-        attr_accessor :audit_configs
+        # Output only. The list of Intercept Endpoint Groups that are connected to this
+        # resource.
+        # Corresponds to the JSON property `connectedEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroupConnectedEndpointGroup>]
+        attr_accessor :connected_endpoint_groups
-        # Associates a list of `members`, or principals, with a `role`. Optionally, may
-        # specify a `condition` that determines how and when the `bindings` are applied.
-        # Each of the `bindings` must contain at least one principal. The `bindings` in
-        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
-        # can be Google groups. Each occurrence of a principal counts towards these
-        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
-        # example.com`, and not to any other principal, then you can add another 1,450
-        # principals to the `bindings` in the `Policy`.
-        # Corresponds to the JSON property `bindings`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::GoogleIamV1Binding>]
-        attr_accessor :bindings
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
-        # `etag` is used for optimistic concurrency control as a way to help prevent
-        # simultaneous updates of a policy from overwriting each other. It is strongly
-        # suggested that systems make use of the `etag` in the read-modify-write cycle
-        # to perform policy updates in order to avoid race conditions: An `etag` is
-        # returned in the response to `getIamPolicy`, and systems are expected to put
-        # that etag in the request to `setIamPolicy` to ensure that their change will be
-        # applied to the same version of the policy. **Important:** If you use IAM
-        # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
-        # If you omit this field, then IAM allows you to overwrite a version `3` policy
-        # with a version `1` policy, and all of the conditions in the version `3` policy
-        # are lost.
-        # Corresponds to the JSON property `etag`
-        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. Then name of the InterceptDeploymentGroup.
+        # Corresponds to the JSON property `name`
         # @return [String]
-        attr_accessor :etag
+        attr_accessor :name
-        # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
-        # Requests that specify an invalid value are rejected. Any operation that
-        # affects conditional role bindings must specify version `3`. This requirement
-        # applies to the following operations: * Getting a policy that includes a
-        # conditional role binding * Adding a conditional role binding to a policy *
-        # Changing a conditional role binding in a policy * Removing any role binding,
-        # with or without a condition, from a policy that includes conditions **
-        # Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
-        # to overwrite a version `3` policy with a version `1` policy, and all of the
-        # conditions in the version `3` policy are lost. If a policy does not include
-        # any conditions, operations on that policy may specify any valid version or
-        # leave the field unset. To learn which resources support conditions in their
-        # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
-        # conditions/resource-policies).
-        # Corresponds to the JSON property `version`
-        # @return [Fixnum]
-        attr_accessor :version
+        # Required. Immutable. The network that is being used for the deployment. Format
+        # is: projects/`project`/global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1067,54 +1870,90 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
-          @bindings = args[:bindings] if args.key?(:bindings)
-          @etag = args[:etag] if args.key?(:etag)
-          @version = args[:version] if args.key?(:version)
+          @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request message for `SetIamPolicy` method.
-      class GoogleIamV1SetIamPolicyRequest
+      # An endpoint group connected to this deployment group.
+      class InterceptDeploymentGroupConnectedEndpointGroup
         include Google::Apis::Core::Hashable
-        # An Identity and Access Management (IAM) policy, which specifies access
-        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
-        # A `binding` binds one or more `members`, or principals, to a single `role`.
-        # Principals can be user accounts, service accounts, Google groups, and domains (
-        # such as G Suite). A `role` is a named list of permissions; each `role` can be
-        # an IAM predefined role or a user-created custom role. For some types of Google
-        # Cloud resources, a `binding` can also specify a `condition`, which is a
-        # logical expression that allows access to a resource only if the expression
-        # evaluates to `true`. A condition can add constraints based on attributes of
-        # the request, the resource, or both. To learn which resources support
-        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
-        # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
-        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
-        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
-        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
-        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
-        # ], "condition": ` "title": "expirable access", "description": "Does not grant
-        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
-        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
-        # example:** ``` bindings: - members: - user:mike@example.com - group:admins@
-        # example.com - domain:google.com - serviceAccount:my-project-id@appspot.
-        # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
-        # user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
-        # title: expirable access description: Does not grant access after Sep 2020
-        # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
-        # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
-        # [IAM documentation](https://cloud.google.com/iam/docs/).
-        # Corresponds to the JSON property `policy`
-        # @return [Google::Apis::NetworksecurityV1beta1::GoogleIamV1Policy]
-        attr_accessor :policy
+        # Output only. A connected intercept endpoint group.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
-        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-        # the fields in the mask will be modified. If no mask is provided, the following
-        # default mask is used: `paths: "bindings, etag"`
-        # Corresponds to the JSON property `updateMask`
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Message describing InterceptEndpointGroup object.
+      class InterceptEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. List of Intercept Endpoint Group Associations that are associated
+        # to this endpoint group.
+        # Corresponds to the JSON property `associations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationDetails>]
+        attr_accessor :associations
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
         # @return [String]
-        attr_accessor :update_mask
+        attr_accessor :create_time
+        # Optional. User-provided description of the endpoint group. Used as additional
+        # context for the endpoint group.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+        # Required. Immutable. The Intercept Deployment Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # interceptDeploymentGroups/`interceptDeploymentGroup``
+        # Corresponds to the JSON property `interceptDeploymentGroup`
+        # @return [String]
+        attr_accessor :intercept_deployment_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. The name of the InterceptEndpointGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1122,21 +1961,71 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @policy = args[:policy] if args.key?(:policy)
-          @update_mask = args[:update_mask] if args.key?(:update_mask)
+          @associations = args[:associations] if args.key?(:associations)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @description = args[:description] if args.key?(:description)
+          @intercept_deployment_group = args[:intercept_deployment_group] if args.key?(:intercept_deployment_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Request message for `TestIamPermissions` method.
-      class GoogleIamV1TestIamPermissionsRequest
-        include Google::Apis::Core::Hashable
+      # Message describing InterceptEndpointGroupAssociation object
+      class InterceptEndpointGroupAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The Intercept Endpoint Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # interceptEndpointGroups/`interceptEndpointGroup``
+        # Corresponds to the JSON property `interceptEndpointGroup`
+        # @return [String]
+        attr_accessor :intercept_endpoint_group
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Output only. The list of locations that this association is in and its details.
+        # Corresponds to the JSON property `locationsDetails`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociationLocationDetails>]
+        attr_accessor :locations_details
+        # Immutable. Identifier. The name of the InterceptEndpointGroupAssociation.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The VPC network associated. Format: projects/`project`/
+        # global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
-        # The set of permissions to check for the `resource`. Permissions with wildcards
-        # (such as `*` or `storage.*`) are not allowed. For more information see [IAM
-        # Overview](https://cloud.google.com/iam/docs/overview#permissions).
-        # Corresponds to the JSON property `permissions`
-        # @return [Array<String>]
-        attr_accessor :permissions
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
         def initialize(**args)
            update!(**args)
@@ -1144,18 +2033,40 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @permissions = args[:permissions] if args.key?(:permissions)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @intercept_endpoint_group = args[:intercept_endpoint_group] if args.key?(:intercept_endpoint_group)
+          @labels = args[:labels] if args.key?(:labels)
+          @locations_details = args[:locations_details] if args.key?(:locations_details)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
         end
       end
-      # Response message for `TestIamPermissions` method.
-      class GoogleIamV1TestIamPermissionsResponse
+      # This is a subset of the InterceptEndpointGroupAssociation message, containing
+      # fields to be used by the consumer.
+      class InterceptEndpointGroupAssociationDetails
         include Google::Apis::Core::Hashable
-        # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
-        # Corresponds to the JSON property `permissions`
-        # @return [Array<String>]
-        attr_accessor :permissions
+        # Output only. The resource name of the InterceptEndpointGroupAssociation.
+        # Format: projects/`project`/locations/`location`/
+        # interceptEndpointGroupAssociations/`interceptEndpointGroupAssociation`
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. The VPC network associated. Format: projects/`project`/global/
+        # networks/`name`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Current state of the association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
         def initialize(**args)
            update!(**args)
@@ -1163,29 +2074,25 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @permissions = args[:permissions] if args.key?(:permissions)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @state = args[:state] if args.key?(:state)
         end
       end
-      # Specification of HTTP header match attributes.
-      class HttpHeaderMatch
+      # Details about the association status in a specific cloud location.
+      class InterceptEndpointGroupAssociationLocationDetails
         include Google::Apis::Core::Hashable
-        # Required. The name of the HTTP header to match. For matching against the HTTP
-        # request's authority, use a headerMatch with the header name ":authority". For
-        # matching a request's method, use the headerName ":method".
-        # Corresponds to the JSON property `headerName`
+        # Output only. The cloud location.
+        # Corresponds to the JSON property `location`
         # @return [String]
-        attr_accessor :header_name
+        attr_accessor :location
-        # Required. The value of the header must match the regular expression specified
-        # in regexMatch. For regular expression grammar, please see: en.cppreference.com/
-        # w/cpp/regex/ecmascript For matching against a port specified in the HTTP
-        # request, use a headerMatch with headerName set to Host and a regular
-        # expression that satisfies the RFC2616 Host header's port specifier.
-        # Corresponds to the JSON property `regexMatch`
+        # Output only. The association state in this location.
+        # Corresponds to the JSON property `state`
         # @return [String]
-        attr_accessor :regex_match
+        attr_accessor :state
         def initialize(**args)
            update!(**args)
@@ -1193,8 +2100,8 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @header_name = args[:header_name] if args.key?(:header_name)
-          @regex_match = args[:regex_match] if args.key?(:regex_match)
+          @location = args[:location] if args.key?(:location)
+          @state = args[:state] if args.key?(:state)
         end
       end
@@ -1310,6 +2217,37 @@ module Google
         end
       end
+      # Message for response to listing `AuthzPolicy` resources.
+      class ListAuthzPoliciesResponse
+        include Google::Apis::Core::Hashable
+        # The list of `AuthzPolicy` resources.
+        # Corresponds to the JSON property `authzPolicies`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::AuthzPolicy>]
+        attr_accessor :authz_policies
+        # A token identifying a page of results that the server returns.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @authz_policies = args[:authz_policies] if args.key?(:authz_policies)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
       # Response returned by the ListClientTlsPolicies method.
       class ListClientTlsPoliciesResponse
         include Google::Apis::Core::Hashable
@@ -1459,22 +2397,234 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
+          @gateway_security_policy_rules = args[:gateway_security_policy_rules] if args.key?(:gateway_security_policy_rules)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing InterceptDeploymentGroups
+      class ListInterceptDeploymentGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptDeploymentGroup
+        # Corresponds to the JSON property `interceptDeploymentGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeploymentGroup>]
+        attr_accessor :intercept_deployment_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_deployment_groups = args[:intercept_deployment_groups] if args.key?(:intercept_deployment_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing InterceptDeployments
+      class ListInterceptDeploymentsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptDeployment
+        # Corresponds to the JSON property `interceptDeployments`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptDeployment>]
+        attr_accessor :intercept_deployments
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_deployments = args[:intercept_deployments] if args.key?(:intercept_deployments)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing InterceptEndpointGroupAssociations
+      class ListInterceptEndpointGroupAssociationsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptEndpointGroupAssociation
+        # Corresponds to the JSON property `interceptEndpointGroupAssociations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroupAssociation>]
+        attr_accessor :intercept_endpoint_group_associations
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_group_associations = args[:intercept_endpoint_group_associations] if args.key?(:intercept_endpoint_group_associations)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing InterceptEndpointGroups
+      class ListInterceptEndpointGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of InterceptEndpointGroup
+        # Corresponds to the JSON property `interceptEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::InterceptEndpointGroup>]
+        attr_accessor :intercept_endpoint_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @intercept_endpoint_groups = args[:intercept_endpoint_groups] if args.key?(:intercept_endpoint_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # The response message for Locations.ListLocations.
+      class ListLocationsResponse
+        include Google::Apis::Core::Hashable
+        # A list of locations that matches the specified filter in the request.
+        # Corresponds to the JSON property `locations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
+        attr_accessor :locations
+        # The standard List next-page token.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @locations = args[:locations] if args.key?(:locations)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing MirroringDeploymentGroups
+      class ListMirroringDeploymentGroupsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringDeploymentGroup
+        # Corresponds to the JSON property `mirroringDeploymentGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroup>]
+        attr_accessor :mirroring_deployment_groups
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_deployment_groups = args[:mirroring_deployment_groups] if args.key?(:mirroring_deployment_groups)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+        end
+      end
+      # Message for response to listing MirroringDeployments
+      class ListMirroringDeploymentsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringDeployment
+        # Corresponds to the JSON property `mirroringDeployments`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeployment>]
+        attr_accessor :mirroring_deployments
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        # Locations that could not be reached.
+        # Corresponds to the JSON property `unreachable`
+        # @return [Array<String>]
+        attr_accessor :unreachable
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_deployments = args[:mirroring_deployments] if args.key?(:mirroring_deployments)
+          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
+          @unreachable = args[:unreachable] if args.key?(:unreachable)
+        end
+      end
+      # Message for response to listing MirroringEndpointGroupAssociations
+      class ListMirroringEndpointGroupAssociationsResponse
+        include Google::Apis::Core::Hashable
+        # The list of MirroringEndpointGroupAssociation
+        # Corresponds to the JSON property `mirroringEndpointGroupAssociations`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociation>]
+        attr_accessor :mirroring_endpoint_group_associations
+        # A token identifying a page of results the server should return.
+        # Corresponds to the JSON property `nextPageToken`
+        # @return [String]
+        attr_accessor :next_page_token
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @mirroring_endpoint_group_associations = args[:mirroring_endpoint_group_associations] if args.key?(:mirroring_endpoint_group_associations)
           @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
-          @unreachable = args[:unreachable] if args.key?(:unreachable)
         end
       end
-      # The response message for Locations.ListLocations.
-      class ListLocationsResponse
+      # Message for response to listing MirroringEndpointGroups
+      class ListMirroringEndpointGroupsResponse
         include Google::Apis::Core::Hashable
-        # A list of locations that matches the specified filter in the request.
-        # Corresponds to the JSON property `locations`
-        # @return [Array<Google::Apis::NetworksecurityV1beta1::Location>]
-        attr_accessor :locations
+        # The list of MirroringEndpointGroup
+        # Corresponds to the JSON property `mirroringEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroup>]
+        attr_accessor :mirroring_endpoint_groups
-        # The standard List next-page token.
+        # A token identifying a page of results the server should return.
         # Corresponds to the JSON property `nextPageToken`
         # @return [String]
         attr_accessor :next_page_token
@@ -1485,7 +2635,7 @@ module Google
         # Update properties of this object
         def update!(**args)
-          @locations = args[:locations] if args.key?(:locations)
+          @mirroring_endpoint_groups = args[:mirroring_endpoint_groups] if args.key?(:mirroring_endpoint_groups)
           @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
         end
       end
@@ -1748,6 +2898,313 @@ module Google
         end
       end
+      # Message describing MirroringDeployment object
+      class MirroringDeployment
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Required. Immutable. The regional load balancer which the mirrored traffic
+        # should be forwarded to. Format is: projects/`project`/regions/`region`/
+        # forwardingRules/`forwardingRule`
+        # Corresponds to the JSON property `forwardingRule`
+        # @return [String]
+        attr_accessor :forwarding_rule
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Immutable. The Mirroring Deployment Group that this resource is part
+        # of. Format is: `projects/`project`/locations/global/mirroringDeploymentGroups/`
+        # mirroringDeploymentGroup``
+        # Corresponds to the JSON property `mirroringDeploymentGroup`
+        # @return [String]
+        attr_accessor :mirroring_deployment_group
+        # Immutable. Identifier. The name of the MirroringDeployment.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @forwarding_rule = args[:forwarding_rule] if args.key?(:forwarding_rule)
+          @labels = args[:labels] if args.key?(:labels)
+          @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing MirroringDeploymentGroup object NEXT ID: 10
+      class MirroringDeploymentGroup
+        include Google::Apis::Core::Hashable
+        # Output only. The list of Mirroring Endpoint Groups that are connected to this
+        # resource.
+        # Corresponds to the JSON property `connectedEndpointGroups`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringDeploymentGroupConnectedEndpointGroup>]
+        attr_accessor :connected_endpoint_groups
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Immutable. Identifier. Then name of the MirroringDeploymentGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The network that is being used for the deployment. Format
+        # is: projects/`project`/global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the deployment group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @connected_endpoint_groups = args[:connected_endpoint_groups] if args.key?(:connected_endpoint_groups)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # An endpoint group connected to this deployment group.
+      class MirroringDeploymentGroupConnectedEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. A connected mirroring endpoint group.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @name = args[:name] if args.key?(:name)
+        end
+      end
+      # Message describing MirroringEndpointGroup object.
+      class MirroringEndpointGroup
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Required. Immutable. The Mirroring Deployment Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # mirroringDeploymentGroups/`mirroringDeploymentGroup``
+        # Corresponds to the JSON property `mirroringDeploymentGroup`
+        # @return [String]
+        attr_accessor :mirroring_deployment_group
+        # Immutable. Identifier. Next ID: 11 The name of the MirroringEndpointGroup.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @mirroring_deployment_group = args[:mirroring_deployment_group] if args.key?(:mirroring_deployment_group)
+          @name = args[:name] if args.key?(:name)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Message describing MirroringEndpointGroupAssociation object
+      class MirroringEndpointGroupAssociation
+        include Google::Apis::Core::Hashable
+        # Output only. [Output only] Create time stamp
+        # Corresponds to the JSON property `createTime`
+        # @return [String]
+        attr_accessor :create_time
+        # Optional. Labels as key value pairs
+        # Corresponds to the JSON property `labels`
+        # @return [Hash<String,String>]
+        attr_accessor :labels
+        # Output only. The list of locations that this association is in and its details.
+        # Corresponds to the JSON property `locationsDetails`
+        # @return [Array<Google::Apis::NetworksecurityV1beta1::MirroringEndpointGroupAssociationLocationDetails>]
+        attr_accessor :locations_details
+        # Required. Immutable. The Mirroring Endpoint Group that this resource is
+        # connected to. Format is: `projects/`project`/locations/global/
+        # mirroringEndpointGroups/`mirroringEndpointGroup``
+        # Corresponds to the JSON property `mirroringEndpointGroup`
+        # @return [String]
+        attr_accessor :mirroring_endpoint_group
+        # Immutable. Identifier. The name of the MirroringEndpointGroupAssociation.
+        # Corresponds to the JSON property `name`
+        # @return [String]
+        attr_accessor :name
+        # Required. Immutable. The VPC network associated. Format: projects/`project`/
+        # global/networks/`network`.
+        # Corresponds to the JSON property `network`
+        # @return [String]
+        attr_accessor :network
+        # Output only. Whether reconciling is in progress, recommended per https://
+        # google.aip.dev/128.
+        # Corresponds to the JSON property `reconciling`
+        # @return [Boolean]
+        attr_accessor :reconciling
+        alias_method :reconciling?, :reconciling
+        # Output only. Current state of the endpoint group association.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        # Output only. [Output only] Update time stamp
+        # Corresponds to the JSON property `updateTime`
+        # @return [String]
+        attr_accessor :update_time
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @create_time = args[:create_time] if args.key?(:create_time)
+          @labels = args[:labels] if args.key?(:labels)
+          @locations_details = args[:locations_details] if args.key?(:locations_details)
+          @mirroring_endpoint_group = args[:mirroring_endpoint_group] if args.key?(:mirroring_endpoint_group)
+          @name = args[:name] if args.key?(:name)
+          @network = args[:network] if args.key?(:network)
+          @reconciling = args[:reconciling] if args.key?(:reconciling)
+          @state = args[:state] if args.key?(:state)
+          @update_time = args[:update_time] if args.key?(:update_time)
+        end
+      end
+      # Details about the association status in a specific cloud location.
+      class MirroringEndpointGroupAssociationLocationDetails
+        include Google::Apis::Core::Hashable
+        # Output only. The cloud location.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+        # Output only. The association state in this location.
+        # Corresponds to the JSON property `state`
+        # @return [String]
+        attr_accessor :state
+        def initialize(**args)
+           update!(**args)
+        end
+        # Update properties of this object
+        def update!(**args)
+          @location = args[:location] if args.key?(:location)
+          @state = args[:state] if args.key?(:state)
+        end
+      end
       # This resource represents a long-running operation that is the result of a
       # network API call.
       class Operation
@@ -1936,7 +3393,7 @@ module Google
       end
       # SecurityProfile is a resource that defines the behavior for one of many
-      # ProfileTypes. Next ID: 11
+      # ProfileTypes.
       class SecurityProfile
         include Google::Apis::Core::Hashable
@@ -1945,6 +3402,18 @@ module Google
         # @return [String]
         attr_accessor :create_time
+        # CustomInterceptProfile defines the Packet Intercept Endpoint Group used to
+        # intercept traffic to a third-party firewall in a Firewall rule.
+        # Corresponds to the JSON property `customInterceptProfile`
+        # @return [Google::Apis::NetworksecurityV1beta1::CustomInterceptProfile]
+        attr_accessor :custom_intercept_profile
+        # CustomMirroringProfile defines an action for mirroring traffic to a collector'
+        # s EndpointGroup
+        # Corresponds to the JSON property `customMirroringProfile`
+        # @return [Google::Apis::NetworksecurityV1beta1::CustomMirroringProfile]
+        attr_accessor :custom_mirroring_profile
         # Optional. An optional description of the profile. Max length 512 characters.
         # Corresponds to the JSON property `description`
         # @return [String]
@@ -1992,6 +3461,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
+          @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
           @description = args[:description] if args.key?(:description)
           @etag = args[:etag] if args.key?(:etag)
           @labels = args[:labels] if args.key?(:labels)
@@ -2003,7 +3474,7 @@ module Google
       end
       # SecurityProfileGroup is a resource that defines the behavior for various
-      # ProfileTypes. Next ID: 10
+      # ProfileTypes.
       class SecurityProfileGroup
         include Google::Apis::Core::Hashable
@@ -2012,6 +3483,18 @@ module Google
         # @return [String]
         attr_accessor :create_time
+        # Optional. Reference to a SecurityProfile with the CustomIntercept
+        # configuration.
+        # Corresponds to the JSON property `customInterceptProfile`
+        # @return [String]
+        attr_accessor :custom_intercept_profile
+        # Optional. Reference to a SecurityProfile with the CustomMirroring
+        # configuration.
+        # Corresponds to the JSON property `customMirroringProfile`
+        # @return [String]
+        attr_accessor :custom_mirroring_profile
         # Optional. An optional description of the profile group. Max length 2048
         # characters.
         # Corresponds to the JSON property `description`
@@ -2037,8 +3520,8 @@ module Google
         # @return [String]
         attr_accessor :name
-        # Optional. Reference to a SecurityProfile with the threat prevention
-        # configuration for the SecurityProfileGroup.
+        # Optional. Reference to a SecurityProfile with the ThreatPrevention
+        # configuration.
         # Corresponds to the JSON property `threatPreventionProfile`
         # @return [String]
         attr_accessor :threat_prevention_profile
@@ -2055,6 +3538,8 @@ module Google
         # Update properties of this object
         def update!(**args)
           @create_time = args[:create_time] if args.key?(:create_time)
+          @custom_intercept_profile = args[:custom_intercept_profile] if args.key?(:custom_intercept_profile)
+          @custom_mirroring_profile = args[:custom_mirroring_profile] if args.key?(:custom_mirroring_profile)
           @description = args[:description] if args.key?(:description)
           @etag = args[:etag] if args.key?(:etag)
           @labels = args[:labels] if args.key?(:labels)