google-api-python-client 2.146.0__py2.py3-none-any.whl → 2.148.0__py2.py3-none-any.whl

googleapiclient/discovery_cache/documents/networkconnectivity.v1.json

@@ -2812,7 +2812,7 @@
 }
 }
 },
-"revision": "20240911",
+"revision": "20240923",
 "rootUrl": "https://networkconnectivity.googleapis.com/",
 "schemas": {
 "AcceptHubSpokeRequest": {
@@ -3572,7 +3572,7 @@
 "id": "LinkedInterconnectAttachments",
 "properties": {
 "includeImportRanges": {
-"description": "Optional. IP ranges allowed to be included during import from hub.(does not control transit connectivity) The only allowed value for now is \"ALL_IPV4_RANGES\".",
+"description": "Optional. IP ranges allowed to be included during import from hub (does not control transit connectivity). The only allowed value for now is \"ALL_IPV4_RANGES\".",
 "items": {
 "type": "string"
 },
@@ -3597,12 +3597,44 @@
 },
 "type": "object"
 },
+"LinkedProducerVpcNetwork": {
+"description": "Next ID: 7",
+"id": "LinkedProducerVpcNetwork",
+"properties": {
+"excludeExportRanges": {
+"description": "Optional. IP ranges encompassing the subnets to be excluded from peering.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"network": {
+"description": "Immutable. The URI of the Service Consumer VPC that the Producer VPC is peered with.",
+"type": "string"
+},
+"peering": {
+"description": "Immutable. The name of the VPC peering between the Service Consumer VPC and the Producer VPC (defined in the Tenant project) which is added to the NCC hub. This peering must be in ACTIVE state.",
+"type": "string"
+},
+"producerNetwork": {
+"description": "Output only. The URI of the Producer VPC.",
+"readOnly": true,
+"type": "string"
+},
+"serviceConsumerVpcSpoke": {
+"description": "Output only. The Service Consumer Network spoke.",
+"readOnly": true,
+"type": "string"
+}
+},
+"type": "object"
+},
 "LinkedRouterApplianceInstances": {
 "description": "A collection of router appliance instances. If you configure multiple router appliance instances to receive data from the same set of sites outside of Google Cloud, we recommend that you associate those instances with the same spoke.",
 "id": "LinkedRouterApplianceInstances",
 "properties": {
 "includeImportRanges": {
-"description": "Optional. IP ranges allowed to be included during import from hub.(does not control transit connectivity) The only allowed value for now is \"ALL_IPV4_RANGES\".",
+"description": "Optional. IP ranges allowed to be included during import from hub (does not control transit connectivity). The only allowed value for now is \"ALL_IPV4_RANGES\".",
 "items": {
 "type": "string"
 },
@@ -3665,7 +3697,7 @@
 "id": "LinkedVpnTunnels",
 "properties": {
 "includeImportRanges": {
-"description": "Optional. IP ranges allowed to be included during import from hub.(does not control transit connectivity) The only allowed value for now is \"ALL_IPV4_RANGES\".",
+"description": "Optional. IP ranges allowed to be included during import from hub (does not control transit connectivity). The only allowed value for now is \"ALL_IPV4_RANGES\".",
 "items": {
 "type": "string"
 },
@@ -5102,6 +5134,10 @@
 "$ref": "LinkedInterconnectAttachments",
 "description": "VLAN attachments that are associated with the spoke."
 },
+"linkedProducerVpcNetwork": {
+"$ref": "LinkedProducerVpcNetwork",
+"description": "Optional. The linked producer VPC that is associated with the spoke."
+},
 "linkedRouterApplianceInstances": {
 "$ref": "LinkedRouterApplianceInstances",
 "description": "Router appliance instances that are associated with the spoke."
@@ -5133,14 +5169,16 @@
 "VPN_TUNNEL",
 "INTERCONNECT_ATTACHMENT",
 "ROUTER_APPLIANCE",
-"VPC_NETWORK"
+"VPC_NETWORK",
+"PRODUCER_VPC_NETWORK"
 ],
 "enumDescriptions": [
 "Unspecified spoke type.",
 "Spokes associated with VPN tunnels.",
 "Spokes associated with VLAN attachments.",
 "Spokes associated with router appliance instances.",
-"Spokes associated with VPC networks."
+"Spokes associated with VPC networks.",
+"Spokes that are backed by a producer VPC network."
 ],
 "readOnly": true,
 "type": "string"
@@ -5306,14 +5344,16 @@
 "VPN_TUNNEL",
 "INTERCONNECT_ATTACHMENT",
 "ROUTER_APPLIANCE",
-"VPC_NETWORK"
+"VPC_NETWORK",
+"PRODUCER_VPC_NETWORK"
 ],
 "enumDescriptions": [
 "Unspecified spoke type.",
 "Spokes associated with VPN tunnels.",
 "Spokes associated with VLAN attachments.",
 "Spokes associated with router appliance instances.",
-"Spokes associated with VPC networks."
+"Spokes associated with VPC networks.",
+"Spokes that are backed by a producer VPC network."
 ],
 "readOnly": true,
 "type": "string"

googleapiclient/discovery_cache/documents/networkconnectivity.v1alpha1.json

@@ -1116,7 +1116,7 @@
 }
 }
 },
-"revision": "20240807",
+"revision": "20240911",
 "rootUrl": "https://networkconnectivity.googleapis.com/",
 "schemas": {
 "AuditConfig": {
@@ -1383,7 +1383,7 @@
 "type": "string"
 },
 "ipCidrRange": {
-"description": "IP range that this internal range defines.",
+"description": "IP range that this internal range defines. NOTE: IPv6 ranges are limited to usage=EXTERNAL_TO_VPC and peering=FOR_SELF. NOTE: For IPv6 Ranges this field is compulsory, i.e. the address range must be specified explicitly.",
 "type": "string"
 },
 "labels": {
@@ -1439,7 +1439,7 @@
 "type": "string"
 },
 "prefixLength": {
-"description": "An alternative to ip_cidr_range. Can be set when trying to create a reservation that automatically finds a free range of the given size. If both ip_cidr_range and prefix_length are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size.",
+"description": "An alternative to ip_cidr_range. Can be set when trying to create an IPv4 reservation that automatically finds a free range of the given size. If both ip_cidr_range and prefix_length are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size. NOTE: For IPv6 this field only works if ip_cidr_range is set as well, and both fields must match. In other words, with IPv6 this field only works as a redundant parameter.",
 "format": "int32",
 "type": "integer"
 },

googleapiclient/discovery_cache/documents/networkmanagement.v1.json

@@ -591,7 +591,7 @@
 }
 }
 },
-"revision": "20240905",
+"revision": "20240918",
 "rootUrl": "https://networkmanagement.googleapis.com/",
 "schemas": {
 "AbortInfo": {
@@ -1162,9 +1162,14 @@ false
 "REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS",
 "REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK",
 "REDIS_INSTANCE_NO_EXTERNAL_IP",
+"REDIS_INSTANCE_UNSUPPORTED_PROTOCOL",
 "DROPPED_INSIDE_REDIS_CLUSTER_SERVICE",
 "REDIS_CLUSTER_UNSUPPORTED_PORT",
-"REDIS_CLUSTER_NO_EXTERNAL_IP"
+"REDIS_CLUSTER_NO_EXTERNAL_IP",
+"REDIS_CLUSTER_UNSUPPORTED_PROTOCOL",
+"NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION",
+"NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION",
+"NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION"
 ],
 "enumDescriptions": [
 "Cause is unspecified.",
@@ -1242,9 +1247,14 @@ false
 "Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.",
 "Packet is dropped due to no route to the destination network.",
 "Redis Instance does not have an external IP address.",
+"Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.",
 "Generic drop cause for a packet being dropped inside a Redis Cluster service project.",
 "Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.",
-"Redis Cluster does not have an external IP address."
+"Redis Cluster does not have an external IP address.",
+"Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.",
+"Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.",
+"Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.",
+"Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address."
 ],
 "type": "string"
 },
@@ -1401,6 +1411,14 @@ false
 "projectId": {
 "description": "Project ID where the endpoint is located. The Project ID can be derived from the URI if you provide a VM instance or network URI. The following are two cases where you must provide the project ID: 1. Only the IP address is specified, and the IP address is within a Google Cloud project. 2. When you are using Shared VPC and the IP address that you provide is from the service project. In this case, the network that the IP address resides in is defined in the host project.",
 "type": "string"
+},
+"redisCluster": {
+"description": "A [Redis Cluster](https://cloud.google.com/memorystore/docs/cluster) URI.",
+"type": "string"
+},
+"redisInstance": {
+"description": "A [Redis Instance](https://cloud.google.com/memorystore/docs/redis) URI.",
+"type": "string"
 }
 },
 "type": "object"
@@ -2126,7 +2144,7 @@ false
 "type": "object"
 },
 "NetworkInfo": {
-"description": "For display only. Metadata associated with a Compute Engine network.",
+"description": "For display only. Metadata associated with a Compute Engine network. Next ID: 7",
 "id": "NetworkInfo",
 "properties": {
 "displayName": {
@@ -2134,7 +2152,15 @@ false
 "type": "string"
 },
 "matchedIpRange": {
-"description": "The IP range that matches the test.",
+"description": "The IP range of the subnet matching the source IP address of the test.",
+"type": "string"
+},
+"matchedSubnetUri": {
+"description": "URI of the subnet matching the source IP address of the test.",
+"type": "string"
+},
+"region": {
+"description": "The region of the subnet matching the source IP address of the test.",
 "type": "string"
 },
 "uri": {
@@ -2485,6 +2511,14 @@ false
 "description": "For display only. Metadata associated with a Compute Engine route.",
 "id": "RouteInfo",
 "properties": {
+"advertisedRouteNextHopUri": {
+"description": "For advertised routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network.",
+"type": "string"
+},
+"advertisedRouteSourceRouterUri": {
+"description": "For advertised dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix.",
+"type": "string"
+},
 "destIpRange": {
 "description": "Destination IP range of the route.",
 "type": "string"
@@ -2569,6 +2603,10 @@ false
 },
 "type": "array"
 },
+"region": {
+"description": "Region of the route (if applicable).",
+"type": "string"
+},
 "routeScope": {
 "description": "Indicates where route is applicable.",
 "enum": [
@@ -2593,7 +2631,8 @@ false
 "PEERING_SUBNET",
 "PEERING_STATIC",
 "PEERING_DYNAMIC",
-"POLICY_BASED"
+"POLICY_BASED",
+"ADVERTISED"
 ],
 "enumDescriptions": [
 "Unspecified type. Default value.",
@@ -2603,7 +2642,8 @@ false
 "A subnet route received from peering network.",
 "A static route received from peering network.",
 "A dynamic route received from peering network.",
-"Policy based route."
+"Policy based route.",
+"Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests."
 ],
 "type": "string"
 },
@@ -2619,7 +2659,7 @@ false
 "type": "array"
 },
 "uri": {
-"description": "URI of a route. Dynamic, peering static and peering dynamic routes do not have an URI. Advertised route from Google Cloud VPC to on-premises network also does not have an URI.",
+"description": "URI of a route (if applicable).",
 "type": "string"
 }
 },

googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json

@@ -758,7 +758,7 @@
 }
 }
 },
-"revision": "20240905",
+"revision": "20240918",
 "rootUrl": "https://networkmanagement.googleapis.com/",
 "schemas": {
 "AbortInfo": {
@@ -1334,9 +1334,14 @@ false
 "REDIS_INSTANCE_CONNECTING_FROM_PUPI_ADDRESS",
 "REDIS_INSTANCE_NO_ROUTE_TO_DESTINATION_NETWORK",
 "REDIS_INSTANCE_NO_EXTERNAL_IP",
+"REDIS_INSTANCE_UNSUPPORTED_PROTOCOL",
 "DROPPED_INSIDE_REDIS_CLUSTER_SERVICE",
 "REDIS_CLUSTER_UNSUPPORTED_PORT",
-"REDIS_CLUSTER_NO_EXTERNAL_IP"
+"REDIS_CLUSTER_NO_EXTERNAL_IP",
+"REDIS_CLUSTER_UNSUPPORTED_PROTOCOL",
+"NO_ADVERTISED_ROUTE_TO_GCP_DESTINATION",
+"NO_TRAFFIC_SELECTOR_TO_GCP_DESTINATION",
+"NO_KNOWN_ROUTE_FROM_PEERED_NETWORK_TO_DESTINATION"
 ],
 "enumDescriptions": [
 "Cause is unspecified.",
@@ -1414,9 +1419,14 @@ false
 "Packet is dropped due to connecting from PUPI address to a PSA based Redis Instance.",
 "Packet is dropped due to no route to the destination network.",
 "Redis Instance does not have an external IP address.",
+"Packet is dropped due to an unsupported protocol being used to connect to a Redis Instance. Only TCP connections are accepted by a Redis Instance.",
 "Generic drop cause for a packet being dropped inside a Redis Cluster service project.",
 "Packet is dropped due to an unsupported port being used to connect to a Redis Cluster. Ports 6379 and 11000 to 13047 should be used to connect to a Redis Cluster.",
-"Redis Cluster does not have an external IP address."
+"Redis Cluster does not have an external IP address.",
+"Packet is dropped due to an unsupported protocol being used to connect to a Redis Cluster. Only TCP connections are accepted by a Redis Cluster.",
+"Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix advertised via BGP by the Cloud Router.",
+"Packet from the non-GCP (on-prem) or unknown GCP network is dropped due to the destination IP address not belonging to any IP prefix included to the local traffic selector of the VPN tunnel.",
+"Packet from the unknown peered network is dropped due to no known route from the source network to the destination IP address."
 ],
 "type": "string"
 },
@@ -2331,7 +2341,7 @@ false
 "type": "object"
 },
 "NetworkInfo": {
-"description": "For display only. Metadata associated with a Compute Engine network.",
+"description": "For display only. Metadata associated with a Compute Engine network. Next ID: 7",
 "id": "NetworkInfo",
 "properties": {
 "displayName": {
@@ -2339,7 +2349,15 @@ false
 "type": "string"
 },
 "matchedIpRange": {
-"description": "The IP range that matches the test.",
+"description": "The IP range of the subnet matching the source IP address of the test.",
+"type": "string"
+},
+"matchedSubnetUri": {
+"description": "URI of the subnet matching the source IP address of the test.",
+"type": "string"
+},
+"region": {
+"description": "The region of the subnet matching the source IP address of the test.",
 "type": "string"
 },
 "uri": {
@@ -2690,6 +2708,14 @@ false
 "description": "For display only. Metadata associated with a Compute Engine route.",
 "id": "RouteInfo",
 "properties": {
+"advertisedRouteNextHopUri": {
+"description": "For advertised routes, the URI of their next hop, i.e. the URI of the hybrid endpoint (VPN tunnel, Interconnect attachment, NCC router appliance) the advertised prefix is advertised through, or URI of the source peered network.",
+"type": "string"
+},
+"advertisedRouteSourceRouterUri": {
+"description": "For advertised dynamic routes, the URI of the Cloud Router that advertised the corresponding IP prefix.",
+"type": "string"
+},
 "destIpRange": {
 "description": "Destination IP range of the route.",
 "type": "string"
@@ -2774,6 +2800,10 @@ false
 },
 "type": "array"
 },
+"region": {
+"description": "Region of the route (if applicable).",
+"type": "string"
+},
 "routeScope": {
 "description": "Indicates where route is applicable.",
 "enum": [
@@ -2798,7 +2828,8 @@ false
 "PEERING_SUBNET",
 "PEERING_STATIC",
 "PEERING_DYNAMIC",
-"POLICY_BASED"
+"POLICY_BASED",
+"ADVERTISED"
 ],
 "enumDescriptions": [
 "Unspecified type. Default value.",
@@ -2808,7 +2839,8 @@ false
 "A subnet route received from peering network.",
 "A static route received from peering network.",
 "A dynamic route received from peering network.",
-"Policy based route."
+"Policy based route.",
+"Advertised route. Synthetic route which is used to transition from the StartFromPrivateNetwork state in Connectivity tests."
 ],
 "type": "string"
 },
@@ -2824,7 +2856,7 @@ false
 "type": "array"
 },
 "uri": {
-"description": "URI of a route. Dynamic, peering static and peering dynamic routes do not have an URI. Advertised route from Google Cloud VPC to on-premises network also does not have an URI.",
+"description": "URI of a route (if applicable).",
 "type": "string"
 }
 },

googleapiclient/discovery_cache/documents/networksecurity.v1.json

@@ -3253,7 +3253,7 @@
 }
 }
 },
-"revision": "20240828",
+"revision": "20240919",
 "rootUrl": "https://networksecurity.googleapis.com/",
 "schemas": {
 "AddAddressGroupItemsRequest": {
@@ -3492,6 +3492,17 @@
 },
 "type": "object"
 },
+"CustomMirroringProfile": {
+"description": "CustomMirroringProfile defines an action for mirroring traffic to a collector's EndpointGroup",
+"id": "CustomMirroringProfile",
+"properties": {
+"mirroringEndpointGroup": {
+"description": "Required. The MirroringEndpointGroup to which traffic associated with the SP should be mirrored.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "Destination": {
 "description": "Specification of traffic destination attributes.",
 "id": "Destination",
@@ -4527,6 +4538,10 @@
 "readOnly": true,
 "type": "string"
 },
+"customMirroringProfile": {
+"$ref": "CustomMirroringProfile",
+"description": "The custom Packet Mirroring v2 configuration for the SecurityProfile."
+},
 "description": {
 "description": "Optional. An optional description of the profile. Max length 512 characters.",
 "type": "string"
@@ -4555,11 +4570,13 @@
 "description": "Immutable. The single ProfileType that the SecurityProfile resource configures.",
 "enum": [
 "PROFILE_TYPE_UNSPECIFIED",
-"THREAT_PREVENTION"
+"THREAT_PREVENTION",
+"CUSTOM_MIRRORING"
 ],
 "enumDescriptions": [
 "Profile type not specified.",
-"Profile type for threat prevention."
+"Profile type for threat prevention.",
+"Profile type for packet mirroring v2"
 ],
 "type": "string"
 },
@@ -4582,6 +4599,10 @@
 "readOnly": true,
 "type": "string"
 },
+"customMirroringProfile": {
+"description": "Optional. Reference to a SecurityProfile with the CustomMirroring configuration.",
+"type": "string"
+},
 "description": {
 "description": "Optional. An optional description of the profile group. Max length 2048 characters.",
 "type": "string"

googleapiclient/discovery_cache/documents/networksecurity.v1beta1.json

@@ -1923,7 +1923,7 @@
 "type": "string"
 },
 "updateMask": {
-"description": "Required. Used to specify the fields to be overwritten in the `AuthzPolicy` resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field is overwritten if it is in the mask. If the user does not specify a mask, then all fields are overwritten.",
+"description": "Required. Used to specify the fields to be overwritten in the `AuthzPolicy` resource by the update. The fields specified in the `update_mask` are relative to the resource, not the full request. A field is overwritten if it is in the mask. If the user does not specify a mask, then all fields are overwritten.",
 "format": "google-fieldmask",
 "location": "query",
 "type": "string"
@@ -4159,7 +4159,7 @@
 }
 }
 },
-"revision": "20240828",
+"revision": "20240919",
 "rootUrl": "https://networksecurity.googleapis.com/",
 "schemas": {
 "AddAddressGroupItemsRequest": {
@@ -4322,7 +4322,7 @@
 "id": "AuthzPolicy",
 "properties": {
 "action": {
-"description": "Required. Can be one of ALLOW, DENY, CUSTOM. When the action is CUSTOM, customProvider must be specified. When the action is ALLOW, only requests matching the policy will be allowed. When the action is DENY, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order: 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. 2. If there are any DENY policies that match the request, the request is denied. 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.",
+"description": "Required. Can be one of `ALLOW`, `DENY`, `CUSTOM`. When the action is `CUSTOM`, `customProvider` must be specified. When the action is `ALLOW`, only requests matching the policy will be allowed. When the action is `DENY`, only requests matching the policy will be denied. When a request arrives, the policies are evaluated in the following order: 1. If there is a `CUSTOM` policy that matches the request, the `CUSTOM` policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. 2. If there are any `DENY` policies that match the request, the request is denied. 3. If there are no `ALLOW` policies for the resource or if any of the `ALLOW` policies match the request, the request is allowed. 4. Else the request is denied by default if none of the configured AuthzPolicies with `ALLOW` action match the request.",
 "enum": [
 "AUTHZ_ACTION_UNSPECIFIED",
 "ALLOW",
@@ -4345,14 +4345,14 @@
 },
 "customProvider": {
 "$ref": "AuthzPolicyCustomProvider",
-"description": "Optional. Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of cloudIap or authzExtension must be specified."
+"description": "Optional. Required if the action is `CUSTOM`. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One of `cloudIap` or `authzExtension` must be specified."
 },
 "description": {
 "description": "Optional. A human-readable description of the resource.",
 "type": "string"
 },
 "httpRules": {
-"description": "Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action.",
+"description": "Optional. A list of authorization HTTP rules to match against the incoming request. A policy match occurs when at least one HTTP rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow or Deny Action. Limited to 5 rules.",
 "items": {
 "$ref": "AuthzPolicyAuthzRule"
 },
@@ -4413,7 +4413,7 @@
 "type": "array"
 },
 "sources": {
-"description": "Optional. Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 10 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.",
+"description": "Optional. Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleFromRequestSource"
 },
@@ -4427,14 +4427,14 @@
 "id": "AuthzPolicyAuthzRuleFromRequestSource",
 "properties": {
 "principals": {
-"description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 10 principals.",
+"description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. Limited to 5 principals.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleStringMatch"
 },
 "type": "array"
 },
 "resources": {
-"description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 10 resources.",
+"description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 5 resources.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleRequestResource"
 },
@@ -4478,7 +4478,7 @@
 "id": "AuthzPolicyAuthzRuleRequestResourceTagValueIdSet",
 "properties": {
 "ids": {
-"description": "Required. A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 10 matches.",
+"description": "Required. A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. Limited to 5 matches.",
 "items": {
 "format": "int64",
 "type": "string"
@@ -4527,7 +4527,7 @@
 "type": "array"
 },
 "operations": {
-"description": "Optional. Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 10 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.",
+"description": "Optional. Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleToRequestOperation"
 },
@@ -4545,7 +4545,7 @@
 "description": "Optional. A list of headers to match against in http header."
 },
 "hosts": {
-"description": "Optional. A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 10 matches.",
+"description": "Optional. A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleStringMatch"
 },
@@ -4559,7 +4559,7 @@
 "type": "array"
 },
 "paths": {
-"description": "Optional. A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 10 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.",
+"description": "Optional. A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleStringMatch"
 },
@@ -4573,7 +4573,7 @@
 "id": "AuthzPolicyAuthzRuleToRequestOperationHeaderSet",
 "properties": {
 "headers": {
-"description": "Required. A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 10 matches.",
+"description": "Required. A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleHeaderMatch"
 },
@@ -4622,7 +4622,7 @@
 "id": "AuthzPolicyTarget",
 "properties": {
 "loadBalancingScheme": {
-"description": "Required. All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service).",
+"description": "Required. All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. Supported values: `INTERNAL_MANAGED` and `EXTERNAL_MANAGED`. For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).",
 "enum": [
 "LOAD_BALANCING_SCHEME_UNSPECIFIED",
 "INTERNAL_MANAGED",
@@ -4728,6 +4728,17 @@
 },
 "type": "object"
 },
+"CustomMirroringProfile": {
+"description": "CustomMirroringProfile defines an action for mirroring traffic to a collector's EndpointGroup",
+"id": "CustomMirroringProfile",
+"properties": {
+"mirroringEndpointGroup": {
+"description": "Required. The MirroringEndpointGroup to which traffic associated with the SP should be mirrored.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "Destination": {
 "description": "Specification of traffic destination attributes.",
 "id": "Destination",
@@ -5880,7 +5891,7 @@
 "type": "object"
 },
 "MirroringEndpointGroup": {
-"description": "Message describing MirroringEndpointGroup object",
+"description": "Message describing MirroringEndpointGroup object. Next ID: 10",
 "id": "MirroringEndpointGroup",
 "properties": {
 "createTime": {
@@ -6170,6 +6181,10 @@
 "readOnly": true,
 "type": "string"
 },
+"customMirroringProfile": {
+"$ref": "CustomMirroringProfile",
+"description": "The custom Packet Mirroring v2 configuration for the SecurityProfile."
+},
 "description": {
 "description": "Optional. An optional description of the profile. Max length 512 characters.",
 "type": "string"
@@ -6198,11 +6213,13 @@
 "description": "Immutable. The single ProfileType that the SecurityProfile resource configures.",
 "enum": [
 "PROFILE_TYPE_UNSPECIFIED",
-"THREAT_PREVENTION"
+"THREAT_PREVENTION",
+"CUSTOM_MIRRORING"
 ],
 "enumDescriptions": [
 "Profile type not specified.",
-"Profile type for threat prevention."
+"Profile type for threat prevention.",
+"Profile type for packet mirroring v2"
 ],
 "type": "string"
 },
@@ -6225,6 +6242,10 @@
 "readOnly": true,
 "type": "string"
 },
+"customMirroringProfile": {
+"description": "Optional. Reference to a SecurityProfile with the CustomMirroring configuration.",
+"type": "string"
+},
 "description": {
 "description": "Optional. An optional description of the profile group. Max length 2048 characters.",
 "type": "string"