google-cloud-iap-v1 0.4.0 → 0.6.0

data/lib/google/cloud/iap/v1/service_pb.rb

@@ -62,6 +62,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :cors_settings, :message, 2, "google.cloud.iap.v1.CorsSettings"
       optional :oauth_settings, :message, 3, "google.cloud.iap.v1.OAuthSettings"
       optional :reauth_settings, :message, 6, "google.cloud.iap.v1.ReauthSettings"
+      optional :allowed_domains_settings, :message, 7, "google.cloud.iap.v1.AllowedDomainsSettings"
     end
     add_message "google.cloud.iap.v1.GcipSettings" do
       repeated :tenant_ids, :string, 1
@@ -89,10 +90,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :MINIMUM, 1
       value :DEFAULT, 2
     end
+    add_message "google.cloud.iap.v1.AllowedDomainsSettings" do
+      proto3_optional :enable, :bool, 1
+      repeated :domains, :string, 2
+    end
     add_message "google.cloud.iap.v1.ApplicationSettings" do
       optional :csm_settings, :message, 1, "google.cloud.iap.v1.CsmSettings"
       optional :access_denied_page_settings, :message, 2, "google.cloud.iap.v1.AccessDeniedPageSettings"
       optional :cookie_domain, :message, 3, "google.protobuf.StringValue"
+      optional :attribute_propagation_settings, :message, 4, "google.cloud.iap.v1.AttributePropagationSettings"
     end
     add_message "google.cloud.iap.v1.CsmSettings" do
       optional :rctoken_aud, :message, 1, "google.protobuf.StringValue"
@@ -100,6 +106,18 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "google.cloud.iap.v1.AccessDeniedPageSettings" do
       optional :access_denied_page_uri, :message, 1, "google.protobuf.StringValue"
       optional :generate_troubleshooting_uri, :message, 2, "google.protobuf.BoolValue"
+      proto3_optional :remediation_token_generation_enabled, :message, 3, "google.protobuf.BoolValue"
+    end
+    add_message "google.cloud.iap.v1.AttributePropagationSettings" do
+      proto3_optional :expression, :string, 1
+      repeated :output_credentials, :enum, 2, "google.cloud.iap.v1.AttributePropagationSettings.OutputCredentials"
+      proto3_optional :enable, :bool, 3
+    end
+    add_enum "google.cloud.iap.v1.AttributePropagationSettings.OutputCredentials" do
+      value :OUTPUT_CREDENTIALS_UNSPECIFIED, 0
+      value :HEADER, 1
+      value :JWT, 2
+      value :RCTOKEN, 3
     end
     add_message "google.cloud.iap.v1.ListBrandsRequest" do
       optional :parent, :string, 1
@@ -171,9 +189,12 @@ module Google
         ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
         ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
         ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
+        AllowedDomainsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AllowedDomainsSettings").msgclass
         ApplicationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ApplicationSettings").msgclass
         CsmSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CsmSettings").msgclass
         AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
+        AttributePropagationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AttributePropagationSettings").msgclass
+        AttributePropagationSettings::OutputCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AttributePropagationSettings.OutputCredentials").enummodule
         ListBrandsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListBrandsRequest").msgclass
         ListBrandsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListBrandsResponse").msgclass
         CreateBrandRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateBrandRequest").msgclass

data/lib/google/cloud/iap/v1/service_services_pb.rb

@@ -24,6 +24,8 @@ module Google
     module Iap
       module V1
         module IdentityAwareProxyAdminService
+          # The Cloud Identity-Aware Proxy API.
+          #
           # APIs for Identity-Aware Proxy Admin configurations.
           class Service
 

data/lib/google/cloud/iap/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Iap
       module V1
-        VERSION = "0.4.0"
+        VERSION = "0.6.0"
       end
     end
   end

data/lib/google/cloud/iap/v1.rb

@@ -24,13 +24,18 @@ module Google
   module Cloud
     module Iap
       ##
-      # To load this package, including all its services, and instantiate a client:
+      # API client module.
       #
-      # @example
+      # @example Load this package, including all its services, and instantiate a gRPC client
       #
       #     require "google/cloud/iap/v1"
       #     client = ::Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Client.new
       #
+      # @example Load this package, including all its services, and instantiate a REST client
+      #
+      #     require "google/cloud/iap/v1"
+      #     client = ::Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Rest::Client.new
+      #
       module V1
       end
     end

data/proto_docs/google/api/client.rb

@@ -0,0 +1,318 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # Required information for every language.
+    # @!attribute [rw] reference_docs_uri
+    #   @return [::String]
+    #     Link to automatically generated reference documentation.  Example:
+    #     https://cloud.google.com/nodejs/docs/reference/asset/latest
+    # @!attribute [rw] destinations
+    #   @return [::Array<::Google::Api::ClientLibraryDestination>]
+    #     The destination where API teams want this client library to be published.
+    class CommonLanguageSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Details about how and where to publish client libraries.
+    # @!attribute [rw] version
+    #   @return [::String]
+    #     Version of the API to apply these settings to.
+    # @!attribute [rw] launch_stage
+    #   @return [::Google::Api::LaunchStage]
+    #     Launch stage of this version of the API.
+    # @!attribute [rw] rest_numeric_enums
+    #   @return [::Boolean]
+    #     When using transport=rest, the client request will encode enums as
+    #     numbers rather than strings.
+    # @!attribute [rw] java_settings
+    #   @return [::Google::Api::JavaSettings]
+    #     Settings for legacy Java features, supported in the Service YAML.
+    # @!attribute [rw] cpp_settings
+    #   @return [::Google::Api::CppSettings]
+    #     Settings for C++ client libraries.
+    # @!attribute [rw] php_settings
+    #   @return [::Google::Api::PhpSettings]
+    #     Settings for PHP client libraries.
+    # @!attribute [rw] python_settings
+    #   @return [::Google::Api::PythonSettings]
+    #     Settings for Python client libraries.
+    # @!attribute [rw] node_settings
+    #   @return [::Google::Api::NodeSettings]
+    #     Settings for Node client libraries.
+    # @!attribute [rw] dotnet_settings
+    #   @return [::Google::Api::DotnetSettings]
+    #     Settings for .NET client libraries.
+    # @!attribute [rw] ruby_settings
+    #   @return [::Google::Api::RubySettings]
+    #     Settings for Ruby client libraries.
+    # @!attribute [rw] go_settings
+    #   @return [::Google::Api::GoSettings]
+    #     Settings for Go client libraries.
+    class ClientLibrarySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # This message configures the settings for publishing [Google Cloud Client
+    # libraries](https://cloud.google.com/apis/docs/cloud-client-libraries)
+    # generated from the service config.
+    # @!attribute [rw] method_settings
+    #   @return [::Array<::Google::Api::MethodSettings>]
+    #     A list of API method settings, e.g. the behavior for methods that use the
+    #     long-running operation pattern.
+    # @!attribute [rw] new_issue_uri
+    #   @return [::String]
+    #     Link to a place that API users can report issues.  Example:
+    #     https://issuetracker.google.com/issues/new?component=190865&template=1161103
+    # @!attribute [rw] documentation_uri
+    #   @return [::String]
+    #     Link to product home page.  Example:
+    #     https://cloud.google.com/asset-inventory/docs/overview
+    # @!attribute [rw] api_short_name
+    #   @return [::String]
+    #     Used as a tracking tag when collecting data about the APIs developer
+    #     relations artifacts like docs, packages delivered to package managers,
+    #     etc.  Example: "speech".
+    # @!attribute [rw] github_label
+    #   @return [::String]
+    #     GitHub label to apply to issues and pull requests opened for this API.
+    # @!attribute [rw] codeowner_github_teams
+    #   @return [::Array<::String>]
+    #     GitHub teams to be added to CODEOWNERS in the directory in GitHub
+    #     containing source code for the client libraries for this API.
+    # @!attribute [rw] doc_tag_prefix
+    #   @return [::String]
+    #     A prefix used in sample code when demarking regions to be included in
+    #     documentation.
+    # @!attribute [rw] organization
+    #   @return [::Google::Api::ClientLibraryOrganization]
+    #     For whom the client library is being published.
+    # @!attribute [rw] library_settings
+    #   @return [::Array<::Google::Api::ClientLibrarySettings>]
+    #     Client library settings.  If the same version string appears multiple
+    #     times in this list, then the last one wins.  Settings from earlier
+    #     settings with the same version string are discarded.
+    class Publishing
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Java client libraries.
+    # @!attribute [rw] library_package
+    #   @return [::String]
+    #     The package name to use in Java. Clobbers the java_package option
+    #     set in the protobuf. This should be used **only** by APIs
+    #     who have already set the language_settings.java.package_name" field
+    #     in gapic.yaml. API teams should use the protobuf java_package option
+    #     where possible.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          library_package: com.google.cloud.pubsub.v1
+    # @!attribute [rw] service_class_names
+    #   @return [::Google::Protobuf::Map{::String => ::String}]
+    #     Configure the Java class name to use instead of the service's for its
+    #     corresponding generated GAPIC client. Keys are fully-qualified
+    #     service names as they appear in the protobuf (including the full
+    #     the language_settings.java.interface_names" field in gapic.yaml. API
+    #     teams should otherwise use the service name as it appears in the
+    #     protobuf.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        java_settings:
+    #          service_class_names:
+    #            - google.pubsub.v1.Publisher: TopicAdmin
+    #            - google.pubsub.v1.Subscriber: SubscriptionAdmin
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class JavaSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # @!attribute [rw] key
+      #   @return [::String]
+      # @!attribute [rw] value
+      #   @return [::String]
+      class ServiceClassNamesEntry
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # Settings for C++ client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class CppSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Php client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PhpSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Python client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class PythonSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Node client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class NodeSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Dotnet client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class DotnetSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Ruby client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class RubySettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Settings for Go client libraries.
+    # @!attribute [rw] common
+    #   @return [::Google::Api::CommonLanguageSettings]
+    #     Some settings.
+    class GoSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+
+    # Describes the generator configuration for a method.
+    # @!attribute [rw] selector
+    #   @return [::String]
+    #     The fully qualified name of the method, for which the options below apply.
+    #     This is used to find the method to apply the options.
+    # @!attribute [rw] long_running
+    #   @return [::Google::Api::MethodSettings::LongRunning]
+    #     Describes settings to use for long-running operations when generating
+    #     API methods for RPCs. Complements RPCs that use the annotations in
+    #     google/longrunning/operations.proto.
+    #
+    #     Example of a YAML configuration::
+    #
+    #      publishing:
+    #        method_behavior:
+    #          - selector: CreateAdDomain
+    #            long_running:
+    #              initial_poll_delay:
+    #                seconds: 60 # 1 minute
+    #              poll_delay_multiplier: 1.5
+    #              max_poll_delay:
+    #                seconds: 360 # 6 minutes
+    #              total_poll_timeout:
+    #                 seconds: 54000 # 90 minutes
+    class MethodSettings
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # Describes settings to use when generating API methods that use the
+      # long-running operation pattern.
+      # All default values below are from those used in the client library
+      # generators (e.g.
+      # [Java](https://github.com/googleapis/gapic-generator-java/blob/04c2faa191a9b5a10b92392fe8482279c4404803/src/main/java/com/google/api/generator/gapic/composer/common/RetrySettingsComposer.java)).
+      # @!attribute [rw] initial_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Initial delay after which the first poll request will be made.
+      #     Default value: 5 seconds.
+      # @!attribute [rw] poll_delay_multiplier
+      #   @return [::Float]
+      #     Multiplier to gradually increase delay between subsequent polls until it
+      #     reaches max_poll_delay.
+      #     Default value: 1.5.
+      # @!attribute [rw] max_poll_delay
+      #   @return [::Google::Protobuf::Duration]
+      #     Maximum time between two subsequent poll requests.
+      #     Default value: 45 seconds.
+      # @!attribute [rw] total_poll_timeout
+      #   @return [::Google::Protobuf::Duration]
+      #     Total polling timeout.
+      #     Default value: 5 minutes.
+      class LongRunning
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+
+    # The organization for which the client libraries are being published.
+    # Affects the url where generated docs are published, etc.
+    module ClientLibraryOrganization
+      # Not useful.
+      CLIENT_LIBRARY_ORGANIZATION_UNSPECIFIED = 0
+
+      # Google Cloud Platform Org.
+      CLOUD = 1
+
+      # Ads (Advertising) Org.
+      ADS = 2
+
+      # Photos Org.
+      PHOTOS = 3
+
+      # Street View Org.
+      STREET_VIEW = 4
+    end
+
+    # To where should client libraries be published?
+    module ClientLibraryDestination
+      # Client libraries will neither be generated nor published to package
+      # managers.
+      CLIENT_LIBRARY_DESTINATION_UNSPECIFIED = 0
+
+      # Generate the client library in a repo under github.com/googleapis,
+      # but don't publish it to package managers.
+      GITHUB = 10
+
+      # Publish the library to package managers like nuget.org and npmjs.com.
+      PACKAGE_MANAGER = 20
+    end
+  end
+end

data/proto_docs/google/api/launch_stage.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # The launch stage as defined by [Google Cloud Platform
+    # Launch Stages](https://cloud.google.com/terms/launch-stages).
+    module LaunchStage
+      # Do not use this default value.
+      LAUNCH_STAGE_UNSPECIFIED = 0
+
+      # The feature is not yet implemented. Users can not use it.
+      UNIMPLEMENTED = 6
+
+      # Prelaunch features are hidden from users and are only visible internally.
+      PRELAUNCH = 7
+
+      # Early Access features are limited to a closed group of testers. To use
+      # these features, you must sign up in advance and sign a Trusted Tester
+      # agreement (which includes confidentiality provisions). These features may
+      # be unstable, changed in backward-incompatible ways, and are not
+      # guaranteed to be released.
+      EARLY_ACCESS = 1
+
+      # Alpha is a limited availability test for releases before they are cleared
+      # for widespread use. By Alpha, all significant design issues are resolved
+      # and we are in the process of verifying functionality. Alpha customers
+      # need to apply for access, agree to applicable terms, and have their
+      # projects allowlisted. Alpha releases don't have to be feature complete,
+      # no SLAs are provided, and there are no technical support obligations, but
+      # they will be far enough along that customers can actually use them in
+      # test environments or for limited-use tests -- just like they would in
+      # normal production cases.
+      ALPHA = 2
+
+      # Beta is the point at which we are ready to open a release for any
+      # customer to use. There are no SLA or technical support obligations in a
+      # Beta release. Products will be complete from a feature perspective, but
+      # may have some open outstanding issues. Beta releases are suitable for
+      # limited production use cases.
+      BETA = 3
+
+      # GA features are open to all developers and are considered stable and
+      # fully qualified for production use.
+      GA = 4
+
+      # Deprecated features are scheduled to be shut down and removed. For more
+      # information, see the "Deprecation Policy" section of our [Terms of
+      # Service](https://cloud.google.com/terms/)
+      # and the [Google Cloud Platform Subject to the Deprecation
+      # Policy](https://cloud.google.com/terms/deprecation) documentation.
+      DEPRECATED = 5
+    end
+  end
+end

data/proto_docs/google/cloud/iap/v1/service.rb

@@ -71,11 +71,11 @@ module Google
         #     Required. The TunnelDestGroup to create.
         # @!attribute [rw] tunnel_dest_group_id
         #   @return [::String]
-        #     Required. The ID to use for the TunnelDestGroup, which becomes the final component of
-        #     the resource name.
+        #     Required. The ID to use for the TunnelDestGroup, which becomes the final
+        #     component of the resource name.
         #
         #     This value must be 4-63 characters, and valid characters
-        #     are `[a-z][0-9]-`.
+        #     are `[a-z]-`.
         class CreateTunnelDestGroupRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -120,14 +120,15 @@ module Google
         # A TunnelDestGroup.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the
-        #     project.
+        #     Required. Immutable. Identifier for the TunnelDestGroup. Must be unique
+        #     within the project and contain only lower case letters (a-z) and dashes
+        #     (-).
         # @!attribute [rw] cidrs
         #   @return [::Array<::String>]
-        #     null List of CIDRs that this group applies to.
+        #     Unordered list. List of CIDRs that this group applies to.
         # @!attribute [rw] fqdns
         #   @return [::Array<::String>]
-        #     null List of FQDNs that this group applies to.
+        #     Unordered list. List of FQDNs that this group applies to.
         class TunnelDestGroup
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -188,6 +189,9 @@ module Google
         # @!attribute [rw] reauth_settings
         #   @return [::Google::Cloud::Iap::V1::ReauthSettings]
         #     Settings to configure reauthentication policies in IAP.
+        # @!attribute [rw] allowed_domains_settings
+        #   @return [::Google::Cloud::Iap::V1::AllowedDomainsSettings]
+        #     Settings to configure and enable allowed domains.
         class AccessSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -240,7 +244,7 @@ module Google
         # Configuration for IAP reauthentication policies.
         # @!attribute [rw] method
         #   @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
-        #     Reauth method required by the policy.
+        #     Reauth method requested.
         # @!attribute [rw] max_age
         #   @return [::Google::Protobuf::Duration]
         #     Reauth session lifetime, how long before a user has to reauthenticate
@@ -258,14 +262,10 @@ module Google
             # Reauthentication disabled.
             METHOD_UNSPECIFIED = 0
 
-            # Mimics the behavior as if the user had logged out and tried to log in
-            # again. Users with 2SV (2-step verification) enabled see their 2SV
-            # challenges if they did not opt to have their second factor responses
-            # saved. Apps Core (GSuites) admins can configure settings to disable 2SV
-            # cookies and require 2SV for all Apps Core users in their domains.
+            # Prompts the user to log in again.
             LOGIN = 1
 
-            # User must type their password.
+            # Deprecated, no longer accepted by IAP APIs.
             PASSWORD = 2
 
             # User must use their secure key 2nd factor device.
@@ -286,10 +286,23 @@ module Google
           end
         end
 
+        # Configuration for IAP allowed domains. Lets you to restrict access to an app
+        # and allow access to only the domains that you list.
+        # @!attribute [rw] enable
+        #   @return [::Boolean]
+        #     Configuration for customers to opt in for the feature.
+        # @!attribute [rw] domains
+        #   @return [::Array<::String>]
+        #     List of trusted domains.
+        class AllowedDomainsSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
         # Wrapper over application specific settings for IAP.
         # @!attribute [rw] csm_settings
         #   @return [::Google::Cloud::Iap::V1::CsmSettings]
-        #     Settings to configure IAP's behavior for a CSM mesh.
+        #     Settings to configure IAP's behavior for a service mesh.
         # @!attribute [rw] access_denied_page_settings
         #   @return [::Google::Cloud::Iap::V1::AccessDeniedPageSettings]
         #     Customization for Access Denied page.
@@ -297,15 +310,18 @@ module Google
         #   @return [::Google::Protobuf::StringValue]
         #     The Domain value to set for cookies generated by IAP. This value is not
         #     validated by the API, but will be ignored at runtime if invalid.
+        # @!attribute [rw] attribute_propagation_settings
+        #   @return [::Google::Cloud::Iap::V1::AttributePropagationSettings]
+        #     Settings to configure attribute propagation.
         class ApplicationSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Configuration for RCTokens generated for CSM workloads protected by IAP.
-        # RCTokens are IAP generated JWTs that can be verified at the application. The
-        # RCToken is primarily used for ISTIO deployments, and can be scoped to a
-        # single mesh by configuring the audience field accordingly
+        # Configuration for RCToken generated for service mesh workloads protected by
+        # IAP. RCToken are IAP generated JWTs that can be verified at the application.
+        # The RCToken is primarily used for service mesh deployments, and can be scoped
+        # to a single mesh by configuring the audience field accordingly.
         # @!attribute [rw] rctoken_aud
         #   @return [::Google::Protobuf::StringValue]
         #     Audience claim set in the generated RCToken. This value is not validated by
@@ -326,11 +342,75 @@ module Google
         #   @return [::Google::Protobuf::BoolValue]
         #     Whether to generate a troubleshooting URL on access denied events to this
         #     application.
+        # @!attribute [rw] remediation_token_generation_enabled
+        #   @return [::Google::Protobuf::BoolValue]
+        #     Whether to generate remediation token on access denied events to this
+        #     application.
         class AccessDeniedPageSettings
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
+        # Configuration for propagating attributes to applications protected
+        # by IAP.
+        # @!attribute [rw] expression
+        #   @return [::String]
+        #     Raw string CEL expression. Must return a list of attributes. Maximum of 45
+        #     attributes can be selected. Expressions can select different attribute
+        #     types from `attributes`: `attributes.saml_attributes`,
+        #     `attributes.iap_attributes`. Limited functions are supported:
+        #      - `filter: <list>.filter(<iter_var>, <predicate>)` -> returns a subset of
+        #      `<list>` where `<predicate>` is true for every item.
+        #      - `in: <var> in <list>` -> returns true if `<list>` contains `<var>`
+        #      - `selectByName: <list>.selectByName(<string>)` -> returns the attribute
+        #      in
+        #      `<list>` with the given `<string>` name, otherwise returns empty.
+        #      - `emitAs: <attribute>.emitAs(<string>)` -> sets the `<attribute>` name
+        #      field to the given `<string>` for propagation in selected output
+        #      credentials.
+        #      - `strict: <attribute>.strict()` -> ignore the `x-goog-iap-attr-` prefix
+        #      for the provided `<attribute>` when propagating via the `HEADER` output
+        #      credential, i.e. request headers.
+        #      - `append: <target_list>.append(<attribute>)` OR
+        #      `<target_list>.append(<list>)` -> append the provided `<attribute>` or
+        #      `<list>` onto the end of `<target_list>`.
+        #
+        #     Example expression: `attributes.saml_attributes.filter(x, x.name in
+        #     ['test']).append(attributes.iap_attributes.selectByName('exact').emitAs('custom').strict())`
+        # @!attribute [rw] output_credentials
+        #   @return [::Array<::Google::Cloud::Iap::V1::AttributePropagationSettings::OutputCredentials>]
+        #     Which output credentials attributes selected by the CEL expression should
+        #     be propagated in. All attributes will be fully duplicated in each selected
+        #     output credential.
+        # @!attribute [rw] enable
+        #   @return [::Boolean]
+        #     Whether the provided attribute propagation settings should be evaluated on
+        #     user requests. If set to true, attributes returned from the expression will
+        #     be propagated in the set output credentials.
+        class AttributePropagationSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+
+          # Supported output credentials for attribute propagation. Each output
+          # credential maps to a "field" in the response. For example, selecting JWT
+          # will propagate all attributes in the IAP JWT, header in the headers, etc.
+          module OutputCredentials
+            # No output credential. This is an unsupported default.
+            OUTPUT_CREDENTIALS_UNSPECIFIED = 0
+
+            # Propagate attributes in the headers with "x-goog-iap-attr-" prefix.
+            HEADER = 1
+
+            # Propagate attributes in the JWT of the form: `"additional_claims": {
+            # "my_attribute": ["value1", "value2"] }`
+            JWT = 2
+
+            # Propagate attributes in the RCToken of the form: `"additional_claims": {
+            # "my_attribute": ["value1", "value2"] }`
+            RCTOKEN = 3
+          end
+        end
+
         # The request sent to ListBrands.
         # @!attribute [rw] parent
         #   @return [::String]