google-identity-access_context_manager-v1 0.1.2 → 0.3.0

data/lib/google/identity/access_context_manager/v1/access_context_manager/operations.rb

@@ -95,6 +95,9 @@ module Google
                 channel_args: @config.channel_args,
                 interceptors: @config.interceptors
               )
+
+              # Used by an LRO wrapper for some methods of this service
+              @operations_client = self
             end
 
             # Service calls

data/lib/google/identity/access_context_manager/v1/access_context_manager.rb

@@ -32,15 +32,15 @@ module Google
     module AccessContextManager
       module V1
         ##
-        # API for setting [Access Levels]
-        # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
-        # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
-        # for Google Cloud Projects. Each organization has one [AccessPolicy]
-        # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
-        # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
-        # and [Service Perimeters]
+        # API for setting [access levels]
+        # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+        # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+        # for Google Cloud projects. Each organization has one [access policy]
+        # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+        # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+        # and [service perimeters]
         # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
-        # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+        # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
         # applicable to all resources in the organization.
         # AccessPolicies
         #

data/lib/google/identity/access_context_manager/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Identity
     module AccessContextManager
       module V1
-        VERSION = "0.1.2"
+        VERSION = "0.3.0"
       end
     end
   end

data/lib/google/identity/access_context_manager/v1.rb

@@ -25,6 +25,8 @@ module Google
       ##
       # To load this package, including all its services, and instantiate a client:
       #
+      # @example
+      #
       #     require "google/identity/access_context_manager/v1"
       #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
       #

data/lib/google/identity/accesscontextmanager/type/device_resources_pb.rb

@@ -1,7 +1,6 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/type/device_resources.proto
 
-require 'google/api/annotations_pb'
 require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do

data/lib/google/identity/accesscontextmanager/v1/access_context_manager_pb.rb

@@ -1,17 +1,20 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/v1/access_context_manager.proto
 
+require 'google/protobuf'
+
 require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/iam/v1/iam_policy_pb'
+require 'google/iam/v1/policy_pb'
 require 'google/identity/accesscontextmanager/v1/access_level_pb'
 require 'google/identity/accesscontextmanager/v1/access_policy_pb'
 require 'google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb'
 require 'google/identity/accesscontextmanager/v1/service_perimeter_pb'
 require 'google/longrunning/operations_pb'
 require 'google/protobuf/field_mask_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/identity/accesscontextmanager/v1/access_context_manager.proto", :syntax => :proto3) do

data/lib/google/identity/accesscontextmanager/v1/access_context_manager_services_pb.rb

@@ -24,15 +24,15 @@ module Google
     module AccessContextManager
       module V1
         module AccessContextManager
-          # API for setting [Access Levels]
-          # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
-          # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
-          # for Google Cloud Projects. Each organization has one [AccessPolicy]
-          # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
-          # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
-          # and [Service Perimeters]
+          # API for setting [access levels]
+          # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+          # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+          # for Google Cloud projects. Each organization has one [access policy]
+          # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+          # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+          # and [service perimeters]
           # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
-          # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+          # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
           # applicable to all resources in the organization.
           # AccessPolicies
           class Service
@@ -43,145 +43,144 @@ module Google
             self.unmarshal_class_method = :decode
             self.service_name = 'google.identity.accesscontextmanager.v1.AccessContextManager'
 
-            # List all [AccessPolicies]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
-            # container.
+            # Lists all [access policies]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+            # organization.
             rpc :ListAccessPolicies, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesRequest, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesResponse
-            # Get an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+            # Returns an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
             rpc :GetAccessPolicy, ::Google::Identity::AccessContextManager::V1::GetAccessPolicyRequest, ::Google::Identity::AccessContextManager::V1::AccessPolicy
-            # Create an `AccessPolicy`. Fails if this organization already has a
-            # `AccessPolicy`. The longrunning Operation will have a successful status
-            # once the `AccessPolicy` has propagated to long-lasting storage.
-            # Syntactic and basic semantic errors will be returned in `metadata` as a
+            # Creates an access policy. This method fails if the organization already has
+            # an access policy. The long-running operation has a successful status
+            # after the access policy propagates to long-lasting storage.
+            # Syntactic and basic semantic errors are returned in `metadata` as a
             # BadRequest proto.
             rpc :CreateAccessPolicy, ::Google::Identity::AccessContextManager::V1::AccessPolicy, ::Google::Longrunning::Operation
-            # Update an [AccessPolicy]
+            # Updates an [access policy]
             # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
-            # longrunning Operation from this RPC will have a successful status once the
-            # changes to the [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
-            # to long-lasting storage. Syntactic and basic semantic errors will be
-            # returned in `metadata` as a BadRequest proto.
+            # long-running operation from this RPC has a successful status after the
+            # changes to the [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+            # to long-lasting storage.
             rpc :UpdateAccessPolicy, ::Google::Identity::AccessContextManager::V1::UpdateAccessPolicyRequest, ::Google::Longrunning::Operation
-            # Delete an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
-            # name. The longrunning Operation will have a successful status once the
-            # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # has been removed from long-lasting storage.
+            # Deletes an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+            # resource name. The long-running operation has a successful status after the
+            # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+            # is removed from long-lasting storage.
             rpc :DeleteAccessPolicy, ::Google::Identity::AccessContextManager::V1::DeleteAccessPolicyRequest, ::Google::Longrunning::Operation
-            # List all [Access Levels]
+            # Lists all [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
             # policy.
             rpc :ListAccessLevels, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsRequest, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsResponse
-            # Get an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+            # Gets an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
             # name.
             rpc :GetAccessLevel, ::Google::Identity::AccessContextManager::V1::GetAccessLevelRequest, ::Google::Identity::AccessContextManager::V1::AccessLevel
-            # Create an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the [Access
-            # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
-            # propagated to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Creates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the [access
+            # level] [google.identity.accesscontextmanager.v1.AccessLevel]
+            # propagates to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             rpc :CreateAccessLevel, ::Google::Identity::AccessContextManager::V1::CreateAccessLevelRequest, ::Google::Longrunning::Operation
-            # Update an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the changes to
-            # the [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
-            # to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Updates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the changes to
+            # the [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+            # to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             rpc :UpdateAccessLevel, ::Google::Identity::AccessContextManager::V1::UpdateAccessLevelRequest, ::Google::Longrunning::Operation
-            # Delete an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Access Level]
+            # Deletes an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+            # name. The long-running operation from this RPC has a successful status
+            # after the [access level]
             # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
             # from long-lasting storage.
             rpc :DeleteAccessLevel, ::Google::Identity::AccessContextManager::V1::DeleteAccessLevelRequest, ::Google::Longrunning::Operation
-            # Replace all existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
-            # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
-            # the [Access Levels]
+            # Replaces all existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+            # the [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
-            # is done atomically. The longrunning operation from this RPC will have a
-            # successful status once all replacements have propagated to long-lasting
-            # storage. Replacements containing errors will result in an error response
-            # for the first error encountered.  Replacement will be cancelled on error,
-            # existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
-            # affected. Operation.response field will contain
-            # ReplaceAccessLevelsResponse. Removing [Access Levels]
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting
+            # storage. If the replacement contains errors, an error response is returned
+            # for the first error encountered.  Upon error, the replacement is cancelled,
+            # and existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] are not
+            # affected. The Operation.response field contains
+            # ReplaceAccessLevelsResponse. Removing [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
-            # [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
             # error.
             rpc :ReplaceAccessLevels, ::Google::Identity::AccessContextManager::V1::ReplaceAccessLevelsRequest, ::Google::Longrunning::Operation
-            # List all [Service Perimeters]
+            # Lists all [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
             # access policy.
             rpc :ListServicePerimeters, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersRequest, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersResponse
-            # Get a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name.
+            # Gets a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name.
             rpc :GetServicePerimeter, ::Google::Identity::AccessContextManager::V1::GetServicePerimeterRequest, ::Google::Identity::AccessContextManager::V1::ServicePerimeter
-            # Create a [Service Perimeter]
+            # Creates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
-            # propagated to long-lasting storage. [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             rpc :CreateServicePerimeter, ::Google::Identity::AccessContextManager::V1::CreateServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Update a [Service Perimeter]
+            # Updates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # changes to the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
-            # propagated to long-lasting storage. [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             rpc :UpdateServicePerimeter, ::Google::Identity::AccessContextManager::V1::UpdateServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Delete a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
-            # removed from long-lasting storage.
+            # Deletes a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name. The long-running operation from this RPC has a successful
+            # status after the [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+            # long-lasting storage.
             rpc :DeleteServicePerimeter, ::Google::Identity::AccessContextManager::V1::DeleteServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Replace all existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # with the [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
-            # This is done atomically. The longrunning operation from this
-            # RPC will have a successful status once all replacements have propagated to
-            # long-lasting storage. Replacements containing errors will result in an
-            # error response for the first error encountered. Replacement will be
-            # cancelled on error, existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
-            # affected. Operation.response field will contain
+            # Replace all existing [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting storage.
+            # Replacements containing errors result in an error response for the first
+            # error encountered. Upon an error, replacement are cancelled and existing
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+            # affected. The Operation.response field contains
             # ReplaceServicePerimetersResponse.
             rpc :ReplaceServicePerimeters, ::Google::Identity::AccessContextManager::V1::ReplaceServicePerimetersRequest, ::Google::Longrunning::Operation
-            # Commit the dry-run spec for all the [Service Perimeters]
+            # Commits the dry-run specification for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
-            # A commit operation on a Service Perimeter involves copying its `spec` field
-            # to that Service Perimeter's `status` field. Only [Service Perimeters]
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            # A commit operation on a service perimeter involves copying its `spec` field
+            # to the `status` field of the service perimeter. Only [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
             # `use_explicit_dry_run_spec` field set to true are affected by a commit
-            # operation. The longrunning operation from this RPC will have a successful
-            # status once the dry-run specs for all the [Service Perimeters]
+            # operation. The long-running operation from this RPC has a successful
+            # status after the dry-run specifications for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
-            # committed. If a commit fails, it will cause the longrunning operation to
-            # return an error response and the entire commit operation will be cancelled.
-            # When successful, Operation.response field will contain
-            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
-            # be cleared after a successful commit operation.
+            # committed. If a commit fails, it causes the long-running operation to
+            # return an error response and the entire commit operation is cancelled.
+            # When successful, the Operation.response field contains
+            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+            # cleared after a successful commit operation.
             rpc :CommitServicePerimeters, ::Google::Identity::AccessContextManager::V1::CommitServicePerimetersRequest, ::Google::Longrunning::Operation
             # Lists all [GcpUserAccessBindings]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
@@ -195,7 +194,7 @@ module Google
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
             # client specifies a [name]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
-            # the server will ignore it. Fails if a resource already exists with the same
+            # the server ignores it. Fails if a resource already exists with the same
             # [group_key]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
             # Completion of this long-running operation does not necessarily signify that
@@ -214,6 +213,23 @@ module Google
             # the binding deletion is deployed onto all affected users, which may take
             # more time.
             rpc :DeleteGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::DeleteGcpUserAccessBindingRequest, ::Google::Longrunning::Operation
+            # Sets the IAM policy for the specified Access Context Manager
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            # This method replaces the existing IAM policy on the access policy. The IAM
+            # policy controls the set of users who can perform specific operations on the
+            # Access Context Manager [access
+            # policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
+            # Gets the IAM policy for the specified Access Context Manager
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
+            # Returns the IAM permissions that the caller has on the specified Access
+            # Context Manager resource. The resource can be an
+            # [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+            # [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+            # [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+            # ]. This method does not support other resources.
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/identity/accesscontextmanager/v1/access_level_pb.rb

@@ -1,12 +1,12 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/v1/access_level.proto
 
+require 'google/protobuf'
+
 require 'google/api/resource_pb'
 require 'google/identity/accesscontextmanager/type/device_resources_pb'
 require 'google/protobuf/timestamp_pb'
 require 'google/type/expr_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/identity/accesscontextmanager/v1/access_level.proto", :syntax => :proto3) do

data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/v1/access_policy.proto
 
+require 'google/protobuf'
+
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/identity/accesscontextmanager/v1/access_policy.proto", :syntax => :proto3) do
@@ -12,6 +12,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :parent, :string, 2
       optional :title, :string, 3
+      repeated :scopes, :string, 7
       optional :create_time, :message, 4, "google.protobuf.Timestamp"
       optional :update_time, :message, 5, "google.protobuf.Timestamp"
       optional :etag, :string, 6

data/lib/google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
 
+require 'google/protobuf'
+
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto", :syntax => :proto3) do

data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb

@@ -1,10 +1,10 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google/identity/accesscontextmanager/v1/service_perimeter.proto
 
+require 'google/protobuf'
+
 require 'google/api/resource_pb'
 require 'google/protobuf/timestamp_pb'
-require 'google/api/annotations_pb'
-require 'google/protobuf'
 
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("google/identity/accesscontextmanager/v1/service_perimeter.proto", :syntax => :proto3) do
@@ -51,10 +51,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :resource, :string, 2
       end
     end
-    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
-      repeated :resources, :string, 1
-      repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
-    end
     add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom" do
       repeated :sources, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource"
       repeated :identities, :string, 2
@@ -68,14 +64,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :ingress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom"
       optional :ingress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo"
     end
-    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
-      optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
-      optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
-    end
     add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom" do
       repeated :identities, :string, 1
       optional :identity_type, :enum, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
     end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
+      repeated :resources, :string, 1
+      repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
+      repeated :external_resources, :string, 3
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
+      optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
+      optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
+    end
     add_enum "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType" do
       value :IDENTITY_TYPE_UNSPECIFIED, 0
       value :ANY_IDENTITY, 1
@@ -96,12 +97,12 @@ module Google
         ServicePerimeterConfig::MethodSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector").msgclass
         ServicePerimeterConfig::ApiOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation").msgclass
         ServicePerimeterConfig::IngressSource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource").msgclass
-        ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
         ServicePerimeterConfig::IngressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom").msgclass
         ServicePerimeterConfig::IngressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo").msgclass
         ServicePerimeterConfig::IngressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy").msgclass
-        ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
         ServicePerimeterConfig::EgressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom").msgclass
+        ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
+        ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
         ServicePerimeterConfig::IdentityType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType").enummodule
       end
     end

data/proto_docs/google/iam/v1/iam_policy.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V1
+      # Request message for `SetIamPolicy` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy is being specified.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] policy
+      #   @return [::Google::Iam::V1::Policy]
+      #     REQUIRED: The complete policy to be applied to the `resource`. The size of
+      #     the policy is limited to a few 10s of KB. An empty policy is a
+      #     valid policy but certain Cloud Platform services (such as Projects)
+      #     might reject them.
+      # @!attribute [rw] update_mask
+      #   @return [::Google::Protobuf::FieldMask]
+      #     OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+      #     the fields in the mask will be modified. If no mask is provided, the
+      #     following default mask is used:
+      #
+      #     `paths: "bindings, etag"`
+      class SetIamPolicyRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Request message for `GetIamPolicy` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy is being requested.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] options
+      #   @return [::Google::Iam::V1::GetPolicyOptions]
+      #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
+      #     `GetIamPolicy`.
+      class GetIamPolicyRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Request message for `TestIamPermissions` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy detail is being requested.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] permissions
+      #   @return [::Array<::String>]
+      #     The set of permissions to check for the `resource`. Permissions with
+      #     wildcards (such as '*' or 'storage.*') are not allowed. For more
+      #     information see
+      #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+      class TestIamPermissionsRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Response message for `TestIamPermissions` method.
+      # @!attribute [rw] permissions
+      #   @return [::Array<::String>]
+      #     A subset of `TestPermissionsRequest.permissions` that the caller is
+      #     allowed.
+      class TestIamPermissionsResponse
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end