google-identity-access_context_manager-v1 0.2.0 → 0.4.0

data/lib/google/identity/access_context_manager/v1/access_context_manager/rest.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "gapic/rest"
+require "gapic/config"
+require "gapic/config/method"
+
+require "google/identity/access_context_manager/v1/version"
+
+require "google/identity/access_context_manager/v1/access_context_manager/credentials"
+require "google/identity/access_context_manager/v1/access_context_manager/paths"
+require "google/identity/access_context_manager/v1/access_context_manager/rest/operations"
+require "google/identity/access_context_manager/v1/access_context_manager/rest/client"
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        ##
+        # API for setting [access levels]
+        # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+        # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+        # for Google Cloud projects. Each organization has one [access policy]
+        # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+        # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+        # and [service perimeters]
+        # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
+        # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+        # applicable to all resources in the organization.
+        # AccessPolicies
+        #
+        # To load this service and instantiate a REST client:
+        #
+        #     require "google/identity/access_context_manager/v1/access_context_manager/rest"
+        #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Rest::Client.new
+        #
+        module AccessContextManager
+          # Client for the REST transport
+          module Rest
+          end
+        end
+      end
+    end
+  end
+end
+
+helper_path = ::File.join __dir__, "rest", "helpers.rb"
+require "google/identity/access_context_manager/v1/access_context_manager/rest/helpers" if ::File.file? helper_path

data/lib/google/identity/access_context_manager/v1/access_context_manager.rb

@@ -26,29 +26,35 @@ require "google/identity/access_context_manager/v1/access_context_manager/creden
 require "google/identity/access_context_manager/v1/access_context_manager/paths"
 require "google/identity/access_context_manager/v1/access_context_manager/operations"
 require "google/identity/access_context_manager/v1/access_context_manager/client"
+require "google/identity/access_context_manager/v1/access_context_manager/rest"
 
 module Google
   module Identity
     module AccessContextManager
       module V1
         ##
-        # API for setting [Access Levels]
-        # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
-        # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
-        # for Google Cloud Projects. Each organization has one [AccessPolicy]
-        # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
-        # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
-        # and [Service Perimeters]
+        # API for setting [access levels]
+        # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+        # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+        # for Google Cloud projects. Each organization has one [access policy]
+        # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+        # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+        # and [service perimeters]
         # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
-        # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+        # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
         # applicable to all resources in the organization.
         # AccessPolicies
         #
-        # To load this service and instantiate a client:
+        # @example Load this service and instantiate a gRPC client
         #
         #     require "google/identity/access_context_manager/v1/access_context_manager"
         #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
         #
+        # @example Load this service and instantiate a REST client
+        #
+        #     require "google/identity/access_context_manager/v1/access_context_manager/rest"
+        #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Rest::Client.new
+        #
         module AccessContextManager
         end
       end

data/lib/google/identity/access_context_manager/v1/rest.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+require "google/identity/access_context_manager/v1/access_context_manager/rest"
+require "google/identity/access_context_manager/v1/version"
+
+module Google
+  module Identity
+    module AccessContextManager
+      ##
+      # To load just the REST part of this package, including all its services, and instantiate a REST client:
+      #
+      # @example
+      #
+      #     require "google/identity/access_context_manager/v1/rest"
+      #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Rest::Client.new
+      #
+      module V1
+      end
+    end
+  end
+end

data/lib/google/identity/access_context_manager/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Identity
     module AccessContextManager
       module V1
-        VERSION = "0.2.0"
+        VERSION = "0.4.0"
       end
     end
   end

data/lib/google/identity/access_context_manager/v1.rb

@@ -23,13 +23,18 @@ module Google
   module Identity
     module AccessContextManager
       ##
-      # To load this package, including all its services, and instantiate a client:
+      # API client module.
       #
-      # @example
+      # @example Load this package, including all its services, and instantiate a gRPC client
       #
       #     require "google/identity/access_context_manager/v1"
       #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
       #
+      # @example Load this package, including all its services, and instantiate a REST client
+      #
+      #     require "google/identity/access_context_manager/v1"
+      #     client = ::Google::Identity::AccessContextManager::V1::AccessContextManager::Rest::Client.new
+      #
       module V1
       end
     end

data/lib/google/identity/accesscontextmanager/v1/access_context_manager_pb.rb

@@ -7,6 +7,8 @@ require 'google/api/annotations_pb'
 require 'google/api/client_pb'
 require 'google/api/field_behavior_pb'
 require 'google/api/resource_pb'
+require 'google/iam/v1/iam_policy_pb'
+require 'google/iam/v1/policy_pb'
 require 'google/identity/accesscontextmanager/v1/access_level_pb'
 require 'google/identity/accesscontextmanager/v1/access_policy_pb'
 require 'google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb'

data/lib/google/identity/accesscontextmanager/v1/access_context_manager_services_pb.rb

@@ -24,15 +24,15 @@ module Google
     module AccessContextManager
       module V1
         module AccessContextManager
-          # API for setting [Access Levels]
-          # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
-          # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
-          # for Google Cloud Projects. Each organization has one [AccessPolicy]
-          # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
-          # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
-          # and [Service Perimeters]
+          # API for setting [access levels]
+          # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+          # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+          # for Google Cloud projects. Each organization has one [access policy]
+          # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+          # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+          # and [service perimeters]
           # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
-          # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+          # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
           # applicable to all resources in the organization.
           # AccessPolicies
           class Service
@@ -43,145 +43,144 @@ module Google
             self.unmarshal_class_method = :decode
             self.service_name = 'google.identity.accesscontextmanager.v1.AccessContextManager'
 
-            # List all [AccessPolicies]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
-            # container.
+            # Lists all [access policies]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+            # organization.
             rpc :ListAccessPolicies, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesRequest, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesResponse
-            # Get an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+            # Returns an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
             rpc :GetAccessPolicy, ::Google::Identity::AccessContextManager::V1::GetAccessPolicyRequest, ::Google::Identity::AccessContextManager::V1::AccessPolicy
-            # Create an `AccessPolicy`. Fails if this organization already has a
-            # `AccessPolicy`. The longrunning Operation will have a successful status
-            # once the `AccessPolicy` has propagated to long-lasting storage.
-            # Syntactic and basic semantic errors will be returned in `metadata` as a
+            # Creates an access policy. This method fails if the organization already has
+            # an access policy. The long-running operation has a successful status
+            # after the access policy propagates to long-lasting storage.
+            # Syntactic and basic semantic errors are returned in `metadata` as a
             # BadRequest proto.
             rpc :CreateAccessPolicy, ::Google::Identity::AccessContextManager::V1::AccessPolicy, ::Google::Longrunning::Operation
-            # Update an [AccessPolicy]
+            # Updates an [access policy]
             # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
-            # longrunning Operation from this RPC will have a successful status once the
-            # changes to the [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
-            # to long-lasting storage. Syntactic and basic semantic errors will be
-            # returned in `metadata` as a BadRequest proto.
+            # long-running operation from this RPC has a successful status after the
+            # changes to the [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+            # to long-lasting storage.
             rpc :UpdateAccessPolicy, ::Google::Identity::AccessContextManager::V1::UpdateAccessPolicyRequest, ::Google::Longrunning::Operation
-            # Delete an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
-            # name. The longrunning Operation will have a successful status once the
-            # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # has been removed from long-lasting storage.
+            # Deletes an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+            # resource name. The long-running operation has a successful status after the
+            # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+            # is removed from long-lasting storage.
             rpc :DeleteAccessPolicy, ::Google::Identity::AccessContextManager::V1::DeleteAccessPolicyRequest, ::Google::Longrunning::Operation
-            # List all [Access Levels]
+            # Lists all [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
             # policy.
             rpc :ListAccessLevels, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsRequest, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsResponse
-            # Get an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+            # Gets an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
             # name.
             rpc :GetAccessLevel, ::Google::Identity::AccessContextManager::V1::GetAccessLevelRequest, ::Google::Identity::AccessContextManager::V1::AccessLevel
-            # Create an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the [Access
-            # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
-            # propagated to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Creates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the [access
+            # level] [google.identity.accesscontextmanager.v1.AccessLevel]
+            # propagates to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             rpc :CreateAccessLevel, ::Google::Identity::AccessContextManager::V1::CreateAccessLevelRequest, ::Google::Longrunning::Operation
-            # Update an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the changes to
-            # the [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
-            # to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Updates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the changes to
+            # the [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+            # to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             rpc :UpdateAccessLevel, ::Google::Identity::AccessContextManager::V1::UpdateAccessLevelRequest, ::Google::Longrunning::Operation
-            # Delete an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Access Level]
+            # Deletes an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+            # name. The long-running operation from this RPC has a successful status
+            # after the [access level]
             # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
             # from long-lasting storage.
             rpc :DeleteAccessLevel, ::Google::Identity::AccessContextManager::V1::DeleteAccessLevelRequest, ::Google::Longrunning::Operation
-            # Replace all existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
-            # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
-            # the [Access Levels]
+            # Replaces all existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+            # the [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
-            # is done atomically. The longrunning operation from this RPC will have a
-            # successful status once all replacements have propagated to long-lasting
-            # storage. Replacements containing errors will result in an error response
-            # for the first error encountered.  Replacement will be cancelled on error,
-            # existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
-            # affected. Operation.response field will contain
-            # ReplaceAccessLevelsResponse. Removing [Access Levels]
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting
+            # storage. If the replacement contains errors, an error response is returned
+            # for the first error encountered.  Upon error, the replacement is cancelled,
+            # and existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] are not
+            # affected. The Operation.response field contains
+            # ReplaceAccessLevelsResponse. Removing [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
-            # [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
             # error.
             rpc :ReplaceAccessLevels, ::Google::Identity::AccessContextManager::V1::ReplaceAccessLevelsRequest, ::Google::Longrunning::Operation
-            # List all [Service Perimeters]
+            # Lists all [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
             # access policy.
             rpc :ListServicePerimeters, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersRequest, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersResponse
-            # Get a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name.
+            # Gets a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name.
             rpc :GetServicePerimeter, ::Google::Identity::AccessContextManager::V1::GetServicePerimeterRequest, ::Google::Identity::AccessContextManager::V1::ServicePerimeter
-            # Create a [Service Perimeter]
+            # Creates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
-            # propagated to long-lasting storage. [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             rpc :CreateServicePerimeter, ::Google::Identity::AccessContextManager::V1::CreateServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Update a [Service Perimeter]
+            # Updates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # changes to the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
-            # propagated to long-lasting storage. [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             rpc :UpdateServicePerimeter, ::Google::Identity::AccessContextManager::V1::UpdateServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Delete a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
-            # removed from long-lasting storage.
+            # Deletes a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name. The long-running operation from this RPC has a successful
+            # status after the [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+            # long-lasting storage.
             rpc :DeleteServicePerimeter, ::Google::Identity::AccessContextManager::V1::DeleteServicePerimeterRequest, ::Google::Longrunning::Operation
-            # Replace all existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # with the [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
-            # This is done atomically. The longrunning operation from this
-            # RPC will have a successful status once all replacements have propagated to
-            # long-lasting storage. Replacements containing errors will result in an
-            # error response for the first error encountered. Replacement will be
-            # cancelled on error, existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
-            # affected. Operation.response field will contain
+            # Replace all existing [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting storage.
+            # Replacements containing errors result in an error response for the first
+            # error encountered. Upon an error, replacement are cancelled and existing
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+            # affected. The Operation.response field contains
             # ReplaceServicePerimetersResponse.
             rpc :ReplaceServicePerimeters, ::Google::Identity::AccessContextManager::V1::ReplaceServicePerimetersRequest, ::Google::Longrunning::Operation
-            # Commit the dry-run spec for all the [Service Perimeters]
+            # Commits the dry-run specification for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
-            # A commit operation on a Service Perimeter involves copying its `spec` field
-            # to that Service Perimeter's `status` field. Only [Service Perimeters]
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            # A commit operation on a service perimeter involves copying its `spec` field
+            # to the `status` field of the service perimeter. Only [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
             # `use_explicit_dry_run_spec` field set to true are affected by a commit
-            # operation. The longrunning operation from this RPC will have a successful
-            # status once the dry-run specs for all the [Service Perimeters]
+            # operation. The long-running operation from this RPC has a successful
+            # status after the dry-run specifications for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
-            # committed. If a commit fails, it will cause the longrunning operation to
-            # return an error response and the entire commit operation will be cancelled.
-            # When successful, Operation.response field will contain
-            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
-            # be cleared after a successful commit operation.
+            # committed. If a commit fails, it causes the long-running operation to
+            # return an error response and the entire commit operation is cancelled.
+            # When successful, the Operation.response field contains
+            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+            # cleared after a successful commit operation.
             rpc :CommitServicePerimeters, ::Google::Identity::AccessContextManager::V1::CommitServicePerimetersRequest, ::Google::Longrunning::Operation
             # Lists all [GcpUserAccessBindings]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
@@ -195,7 +194,7 @@ module Google
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
             # client specifies a [name]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
-            # the server will ignore it. Fails if a resource already exists with the same
+            # the server ignores it. Fails if a resource already exists with the same
             # [group_key]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
             # Completion of this long-running operation does not necessarily signify that
@@ -214,6 +213,23 @@ module Google
             # the binding deletion is deployed onto all affected users, which may take
             # more time.
             rpc :DeleteGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::DeleteGcpUserAccessBindingRequest, ::Google::Longrunning::Operation
+            # Sets the IAM policy for the specified Access Context Manager
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            # This method replaces the existing IAM policy on the access policy. The IAM
+            # policy controls the set of users who can perform specific operations on the
+            # Access Context Manager [access
+            # policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            rpc :SetIamPolicy, ::Google::Iam::V1::SetIamPolicyRequest, ::Google::Iam::V1::Policy
+            # Gets the IAM policy for the specified Access Context Manager
+            # [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            rpc :GetIamPolicy, ::Google::Iam::V1::GetIamPolicyRequest, ::Google::Iam::V1::Policy
+            # Returns the IAM permissions that the caller has on the specified Access
+            # Context Manager resource. The resource can be an
+            # [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+            # [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+            # [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+            # ]. This method does not support other resources.
+            rpc :TestIamPermissions, ::Google::Iam::V1::TestIamPermissionsRequest, ::Google::Iam::V1::TestIamPermissionsResponse
           end
 
           Stub = Service.rpc_stub_class

data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb

@@ -12,6 +12,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :parent, :string, 2
       optional :title, :string, 3
+      repeated :scopes, :string, 7
       optional :create_time, :message, 4, "google.protobuf.Timestamp"
       optional :update_time, :message, 5, "google.protobuf.Timestamp"
       optional :etag, :string, 6

data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb

@@ -51,10 +51,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
         optional :resource, :string, 2
       end
     end
-    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
-      repeated :resources, :string, 1
-      repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
-    end
     add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom" do
       repeated :sources, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource"
       repeated :identities, :string, 2
@@ -68,14 +64,19 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :ingress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom"
       optional :ingress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo"
     end
-    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
-      optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
-      optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
-    end
     add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom" do
       repeated :identities, :string, 1
       optional :identity_type, :enum, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
     end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
+      repeated :resources, :string, 1
+      repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
+      repeated :external_resources, :string, 3
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
+      optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
+      optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
+    end
     add_enum "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType" do
       value :IDENTITY_TYPE_UNSPECIFIED, 0
       value :ANY_IDENTITY, 1
@@ -96,12 +97,12 @@ module Google
         ServicePerimeterConfig::MethodSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector").msgclass
         ServicePerimeterConfig::ApiOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation").msgclass
         ServicePerimeterConfig::IngressSource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource").msgclass
-        ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
         ServicePerimeterConfig::IngressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom").msgclass
         ServicePerimeterConfig::IngressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo").msgclass
         ServicePerimeterConfig::IngressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy").msgclass
-        ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
         ServicePerimeterConfig::EgressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom").msgclass
+        ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
+        ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
         ServicePerimeterConfig::IdentityType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType").enummodule
       end
     end