google-api-python-client 2.176.0__py3-none-any.whl → 2.178.0__py3-none-any.whl

googleapiclient/discovery_cache/documents/networkmanagement.v1beta1.json

@@ -1181,7 +1181,7 @@
 }
 }
 },
-"revision": "20250625",
+"revision": "20250709",
 "rootUrl": "https://networkmanagement.googleapis.com/",
 "schemas": {
 "AbortInfo": {
@@ -1228,7 +1228,8 @@
 "NON_ROUTABLE_IP_ADDRESS",
 "UNKNOWN_ISSUE_IN_GOOGLE_MANAGED_PROJECT",
 "UNSUPPORTED_GOOGLE_MANAGED_PROJECT_CONFIG",
-"NO_SERVERLESS_IP_RANGES"
+"NO_SERVERLESS_IP_RANGES",
+"IP_VERSION_PROTOCOL_MISMATCH"
 ],
 "enumDeprecated": [
 false,
@@ -1268,6 +1269,7 @@ false,
 false,
 false,
 false,
+false,
 false
 ],
 "enumDescriptions": [
@@ -1308,7 +1310,8 @@ false
 "Aborted because one of the endpoints is a non-routable IP address (loopback, link-local, etc).",
 "Aborted due to an unknown issue in the Google-managed project.",
 "Aborted due to an unsupported configuration of the Google-managed project.",
-"Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges."
+"Aborted because the source endpoint is a Cloud Run revision with direct VPC access enabled, but there are no reserved serverless IP ranges.",
+"Aborted because the used protocol is not supported for the used IP version."
 ],
 "type": "string"
 },
@@ -1839,7 +1842,8 @@ false
 "TRAFFIC_FROM_HYBRID_ENDPOINT_TO_INTERNET_DISALLOWED",
 "NO_MATCHING_NAT64_GATEWAY",
 "LOAD_BALANCER_BACKEND_IP_VERSION_MISMATCH",
-"NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION"
+"NO_KNOWN_ROUTE_FROM_NCC_NETWORK_TO_DESTINATION",
+"CLOUD_NAT_PROTOCOL_UNSUPPORTED"
 ],
 "enumDescriptions": [
 "Cause is unspecified.",
@@ -1934,7 +1938,8 @@ false
 "Packet could be dropped because hybrid endpoint like a VPN gateway or Interconnect is not allowed to send traffic to the Internet.",
 "Packet with destination IP address within the reserved NAT64 range is dropped due to no matching NAT gateway in the subnet.",
 "Packet is dropped due to being sent to a backend of a passthrough load balancer that doesn't use the same IP version as the frontend.",
-"Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address."
+"Packet from the unknown NCC network is dropped due to no known route from the source network to the destination IP address.",
+"Packet is dropped by Cloud NAT due to using an unsupported protocol."
 ],
 "type": "string"
 },

googleapiclient/discovery_cache/documents/networksecurity.v1.json

@@ -2338,7 +2338,7 @@
 ],
 "parameters": {
 "name": {
-"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
+"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
 "location": "path",
 "pattern": "^projects/[^/]+/locations/[^/]+/clientTlsPolicies/[^/]+$",
 "required": true,
@@ -5070,7 +5070,7 @@
 }
 }
 },
-"revision": "20250604",
+"revision": "20250714",
 "rootUrl": "https://networksecurity.googleapis.com/",
 "schemas": {
 "AddAddressGroupItemsRequest": {
@@ -5387,12 +5387,19 @@
 "id": "AuthzPolicyAuthzRuleFromRequestSource",
 "properties": {
 "ipBlocks": {
-"description": "Optional. A list of IPs or CIDRs to match against the source IP of a request. Limited to 5 ip_blocks.",
+"description": "Optional. A list of IP addresses or IP address ranges to match against the source IP address of the request. Limited to 5 ip_blocks.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleIpBlock"
 },
 "type": "array"
 },
+"principals": {
+"description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless frontend mutual TLS is enabled for the forwarding rule or Gateway and the client certificate has been successfully validated by mTLS. Each identity is a string whose value is matched against a list of URI SANs, DNS Name SANs, or the common name in the client's certificate. A match happens when any principal matches with the rule. Limited to 5 principals.",
+"items": {
+"$ref": "AuthzPolicyAuthzRulePrincipal"
+},
+"type": "array"
+},
 "resources": {
 "description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 5 resources.",
 "items": {
@@ -5434,6 +5441,33 @@
 },
 "type": "object"
 },
+"AuthzPolicyAuthzRulePrincipal": {
+"description": "Describes the properties of a principal to be matched against.",
+"id": "AuthzPolicyAuthzRulePrincipal",
+"properties": {
+"principal": {
+"$ref": "AuthzPolicyAuthzRuleStringMatch",
+"description": "Required. A non-empty string whose value is matched against the principal value based on the principal_selector. Only exact match can be applied for CLIENT_CERT_URI_SAN, CLIENT_CERT_DNS_NAME_SAN, CLIENT_CERT_COMMON_NAME selectors."
+},
+"principalSelector": {
+"description": "Optional. An enum to decide what principal value the principal rule will match against. If not specified, the PrincipalSelector is CLIENT_CERT_URI_SAN.",
+"enum": [
+"PRINCIPAL_SELECTOR_UNSPECIFIED",
+"CLIENT_CERT_URI_SAN",
+"CLIENT_CERT_DNS_NAME_SAN",
+"CLIENT_CERT_COMMON_NAME"
+],
+"enumDescriptions": [
+"Unspecified principal selector. It will be treated as CLIENT_CERT_URI_SAN by default.",
+"The principal rule is matched against a list of URI SANs in the validated client\u2019s certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.",
+"The principal rule is matched against a list of DNS Name SANs in the validated client\u2019s certificate. A match happens when there is any exact DNS Name SAN value match.",
+"The principal rule is matched against the common name in the client\u2019s certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "AuthzPolicyAuthzRuleRequestResource": {
 "description": "Describes the properties of a client VM resource accessing the internal application load balancers.",
 "id": "AuthzPolicyAuthzRuleRequestResource",
@@ -5624,7 +5658,7 @@
 "type": "object"
 },
 "BackendAuthenticationConfig": {
-"description": "BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend: * `trustConfig` is the attached TrustConfig. * `wellKnownRoots` indicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig. * `clientCertificate` is a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS. You can attach the BackendAuthenticationConfig to the load balancer\u2019s BackendService directly determining how that BackendService negotiates TLS.",
+"description": "BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend: * `trustConfig` is the attached TrustConfig. * `wellKnownRoots` indicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig. * `clientCertificate` is a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS. You can attach the BackendAuthenticationConfig to the load balancer's BackendService directly determining how that BackendService negotiates TLS.",
 "id": "BackendAuthenticationConfig",
 "properties": {
 "clientCertificate": {
@@ -5727,7 +5761,7 @@
 "type": "object"
 },
 "name": {
-"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
+"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
 "type": "string"
 },
 "serverValidationCa": {

googleapiclient/discovery_cache/documents/networksecurity.v1beta1.json

@@ -2338,7 +2338,7 @@
 ],
 "parameters": {
 "name": {
-"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
+"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
 "location": "path",
 "pattern": "^projects/[^/]+/locations/[^/]+/clientTlsPolicies/[^/]+$",
 "required": true,
@@ -2420,6 +2420,163 @@
 }
 }
 },
+"dnsThreatDetectors": {
+"methods": {
+"create": {
+"description": "Creates a new DnsThreatDetector in a given project and location.",
+"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/dnsThreatDetectors",
+"httpMethod": "POST",
+"id": "networksecurity.projects.locations.dnsThreatDetectors.create",
+"parameterOrder": [
+"parent"
+],
+"parameters": {
+"dnsThreatDetectorId": {
+"description": "Optional. Id of the requesting DnsThreatDetector object. If this field is not supplied, the service will generate an identifier.",
+"location": "query",
+"type": "string"
+},
+"parent": {
+"description": "Required. Value for parent of the DnsThreatDetector resource.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+parent}/dnsThreatDetectors",
+"request": {
+"$ref": "DnsThreatDetector"
+},
+"response": {
+"$ref": "DnsThreatDetector"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"delete": {
+"description": "Deletes a single DnsThreatDetector.",
+"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/dnsThreatDetectors/{dnsThreatDetectorsId}",
+"httpMethod": "DELETE",
+"id": "networksecurity.projects.locations.dnsThreatDetectors.delete",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. Name of the DnsThreatDetector resource.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/dnsThreatDetectors/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"response": {
+"$ref": "Empty"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"get": {
+"description": "Gets details of a single DnsThreatDetector.",
+"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/dnsThreatDetectors/{dnsThreatDetectorsId}",
+"httpMethod": "GET",
+"id": "networksecurity.projects.locations.dnsThreatDetectors.get",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. Name of the DnsThreatDetector resource",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/dnsThreatDetectors/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"response": {
+"$ref": "DnsThreatDetector"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"list": {
+"description": "Lists DnsThreatDetectors in a given project and location.",
+"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/dnsThreatDetectors",
+"httpMethod": "GET",
+"id": "networksecurity.projects.locations.dnsThreatDetectors.list",
+"parameterOrder": [
+"parent"
+],
+"parameters": {
+"pageSize": {
+"description": "Optional. Requested page size. Server may return fewer items than requested. If unspecified, server will pick an appropriate default.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "Optional. A page token, received from a previous `ListDnsThreatDetectorsRequest` call. Provide this to retrieve the subsequent page.",
+"location": "query",
+"type": "string"
+},
+"parent": {
+"description": "Required. Parent value for ListDnsThreatDetectorsRequest",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta1/{+parent}/dnsThreatDetectors",
+"response": {
+"$ref": "ListDnsThreatDetectorsResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"patch": {
+"description": "Updates the parameters of a single DnsThreatDetector.",
+"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/dnsThreatDetectors/{dnsThreatDetectorsId}",
+"httpMethod": "PATCH",
+"id": "networksecurity.projects.locations.dnsThreatDetectors.patch",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Immutable. Identifier. Name of the DnsThreatDetector resource.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/dnsThreatDetectors/[^/]+$",
+"required": true,
+"type": "string"
+},
+"updateMask": {
+"description": "Optional. Field mask is used to specify the fields to be overwritten in the DnsThreatDetector resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. If the mask is not provided then all fields present in the request will be overwritten.",
+"format": "google-fieldmask",
+"location": "query",
+"type": "string"
+}
+},
+"path": "v1beta1/{+name}",
+"request": {
+"$ref": "DnsThreatDetector"
+},
+"response": {
+"$ref": "DnsThreatDetector"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+}
+}
+},
 "firewallEndpointAssociations": {
 "methods": {
 "create": {
@@ -5356,7 +5513,7 @@
 }
 }
 },
-"revision": "20250608",
+"revision": "20250721",
 "rootUrl": "https://networksecurity.googleapis.com/",
 "schemas": {
 "AddAddressGroupItemsRequest": {
@@ -5673,12 +5830,19 @@
 "id": "AuthzPolicyAuthzRuleFromRequestSource",
 "properties": {
 "ipBlocks": {
-"description": "Optional. A list of IPs or CIDRs to match against the source IP of a request. Limited to 5 ip_blocks.",
+"description": "Optional. A list of IP addresses or IP address ranges to match against the source IP address of the request. Limited to 5 ip_blocks.",
 "items": {
 "$ref": "AuthzPolicyAuthzRuleIpBlock"
 },
 "type": "array"
 },
+"principals": {
+"description": "Optional. A list of identities derived from the client's certificate. This field will not match on a request unless frontend mutual TLS is enabled for the forwarding rule or Gateway and the client certificate has been successfully validated by mTLS. Each identity is a string whose value is matched against a list of URI SANs, DNS Name SANs, or the common name in the client's certificate. A match happens when any principal matches with the rule. Limited to 5 principals.",
+"items": {
+"$ref": "AuthzPolicyAuthzRulePrincipal"
+},
+"type": "array"
+},
 "resources": {
 "description": "Optional. A list of resources to match against the resource of the source VM of a request. Limited to 5 resources.",
 "items": {
@@ -5720,6 +5884,33 @@
 },
 "type": "object"
 },
+"AuthzPolicyAuthzRulePrincipal": {
+"description": "Describes the properties of a principal to be matched against.",
+"id": "AuthzPolicyAuthzRulePrincipal",
+"properties": {
+"principal": {
+"$ref": "AuthzPolicyAuthzRuleStringMatch",
+"description": "Required. A non-empty string whose value is matched against the principal value based on the principal_selector. Only exact match can be applied for CLIENT_CERT_URI_SAN, CLIENT_CERT_DNS_NAME_SAN, CLIENT_CERT_COMMON_NAME selectors."
+},
+"principalSelector": {
+"description": "Optional. An enum to decide what principal value the principal rule will match against. If not specified, the PrincipalSelector is CLIENT_CERT_URI_SAN.",
+"enum": [
+"PRINCIPAL_SELECTOR_UNSPECIFIED",
+"CLIENT_CERT_URI_SAN",
+"CLIENT_CERT_DNS_NAME_SAN",
+"CLIENT_CERT_COMMON_NAME"
+],
+"enumDescriptions": [
+"Unspecified principal selector. It will be treated as CLIENT_CERT_URI_SAN by default.",
+"The principal rule is matched against a list of URI SANs in the validated client\u2019s certificate. A match happens when there is any exact URI SAN value match. This is the default principal selector.",
+"The principal rule is matched against a list of DNS Name SANs in the validated client\u2019s certificate. A match happens when there is any exact DNS Name SAN value match.",
+"The principal rule is matched against the common name in the client\u2019s certificate. Authorization against multiple common names in the client certificate is not supported. Requests with multiple common names in the client certificate will be rejected if CLIENT_CERT_COMMON_NAME is set as the principal selector. A match happens when there is an exact common name value match. This is only applicable for Application Load Balancers except for classic Global External Application load balancer. CLIENT_CERT_COMMON_NAME is not supported for INTERNAL_SELF_MANAGED load balancing scheme."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "AuthzPolicyAuthzRuleRequestResource": {
 "description": "Describes the properties of a client VM resource accessing the internal application load balancers.",
 "id": "AuthzPolicyAuthzRuleRequestResource",
@@ -5910,7 +6101,7 @@
 "type": "object"
 },
 "BackendAuthenticationConfig": {
-"description": "BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend: * `trustConfig` is the attached TrustConfig. * `wellKnownRoots` indicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig. * `clientCertificate` is a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS. You can attach the BackendAuthenticationConfig to the load balancer\u2019s BackendService directly determining how that BackendService negotiates TLS.",
+"description": "BackendAuthenticationConfig message groups the TrustConfig together with other settings that control how the load balancer authenticates, and expresses its identity to, the backend: * `trustConfig` is the attached TrustConfig. * `wellKnownRoots` indicates whether the load balance should trust backend server certificates that are issued by public certificate authorities, in addition to certificates trusted by the TrustConfig. * `clientCertificate` is a client certificate that the load balancer uses to express its identity to the backend, if the connection to the backend uses mTLS. You can attach the BackendAuthenticationConfig to the load balancer's BackendService directly determining how that BackendService negotiates TLS.",
 "id": "BackendAuthenticationConfig",
 "properties": {
 "clientCertificate": {
@@ -6013,7 +6204,7 @@
 "type": "object"
 },
 "name": {
-"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/*/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
+"description": "Required. Name of the ClientTlsPolicy resource. It matches the pattern `projects/{project}/locations/{location}/clientTlsPolicies/{client_tls_policy}`",
 "type": "string"
 },
 "serverValidationCa": {
@@ -6106,6 +6297,55 @@
 },
 "type": "object"
 },
+"DnsThreatDetector": {
+"description": "Message describing DnsThreatDetector object",
+"id": "DnsThreatDetector",
+"properties": {
+"createTime": {
+"description": "Output only. [Output only] Create time stamp",
+"format": "google-datetime",
+"readOnly": true,
+"type": "string"
+},
+"excludedNetworks": {
+"description": "Optional. A list of Network resource names which are exempt from the configuration in this DnsThreatDetector. Example: `projects/PROJECT_ID/global/networks/NETWORK_NAME`.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"labels": {
+"additionalProperties": {
+"type": "string"
+},
+"description": "Optional. Labels as key value pairs",
+"type": "object"
+},
+"name": {
+"description": "Immutable. Identifier. Name of the DnsThreatDetector resource.",
+"type": "string"
+},
+"provider": {
+"description": "Required. The provider used for DNS threat analysis.",
+"enum": [
+"PROVIDER_UNSPECIFIED",
+"INFOBLOX"
+],
+"enumDescriptions": [
+"An unspecified provider.",
+"The Infoblox DNS threat detecter."
+],
+"type": "string"
+},
+"updateTime": {
+"description": "Output only. [Output only] Update time stamp",
+"format": "google-datetime",
+"readOnly": true,
+"type": "string"
+}
+},
+"type": "object"
+},
 "Empty": {
 "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
 "id": "Empty",
@@ -7215,6 +7455,31 @@
 },
 "type": "object"
 },
+"ListDnsThreatDetectorsResponse": {
+"description": "Message for response to listing DnsThreatDetectors",
+"id": "ListDnsThreatDetectorsResponse",
+"properties": {
+"dnsThreatDetectors": {
+"description": "The list of DnsThreatDetector resources.",
+"items": {
+"$ref": "DnsThreatDetector"
+},
+"type": "array"
+},
+"nextPageToken": {
+"description": "A token, which can be sent as `page_token` to retrieve the next page.",
+"type": "string"
+},
+"unreachable": {
+"description": "Unordered list. Unreachable `DnsThreatDetector` resources.",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "ListFirewallEndpointAssociationsResponse": {
 "description": "Message for response to listing Associations",
 "id": "ListFirewallEndpointAssociationsResponse",

googleapiclient/discovery_cache/documents/networkservices.v1.json

@@ -3004,7 +3004,7 @@
 }
 }
 },
-"revision": "20250616",
+"revision": "20250723",
 "rootUrl": "https://networkservices.googleapis.com/",
 "schemas": {
 "AuditConfig": {
@@ -3136,11 +3136,13 @@
 "description": "Optional. The format of communication supported by the callout extension. If not specified, the default value `EXT_PROC_GRPC` is used.",
 "enum": [
 "WIRE_FORMAT_UNSPECIFIED",
-"EXT_PROC_GRPC"
+"EXT_PROC_GRPC",
+"EXT_AUTHZ_GRPC"
 ],
 "enumDescriptions": [
 "Not specified.",
-"The extension service uses ext_proc gRPC API over a gRPC stream. This is the default value if the wire format is not specified. The backend service for the extension must use HTTP2 or H2C as the protocol. All `supported_events` for a client request are sent as part of the same gRPC stream."
+"The extension service uses ext_proc gRPC API over a gRPC stream. This is the default value if the wire format is not specified. The backend service for the extension must use HTTP2 or H2C as the protocol. All `supported_events` for a client request are sent as part of the same gRPC stream.",
+"The extension service uses Envoy's `ext_authz` gRPC API. The backend service for the extension must use HTTP2, or H2C as the protocol. `EXT_AUTHZ_GRPC` is only supported for `AuthzExtension` resources."
 ],
 "type": "string"
 }
@@ -3503,7 +3505,7 @@
 "type": "string"
 },
 "ports": {
-"description": "Required. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.",
+"description": "Required. One or more port numbers (1-65535), on which the Gateway will receive traffic. The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are limited to 5 ports. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 for IPv4 and :: for IPv6 and support multiple ports.",
 "items": {
 "format": "int32",
 "type": "integer"
@@ -5890,7 +5892,7 @@
 "type": "boolean"
 },
 "minLogLevel": {
-"description": "Non-empty default. Specificies the lowest level of the plugin logs that are exported to Cloud Logging. This setting relates to the logs generated by using logging statements in your Wasm code. This field is can be set only if logging is enabled for the plugin. If the field is not provided when logging is enabled, it is set to `INFO` by default.",
+"description": "Non-empty default. Specifies the lowest level of the plugin logs that are exported to Cloud Logging. This setting relates to the logs generated by using logging statements in your Wasm code. This field is can be set only if logging is enabled for the plugin. If the field is not provided when logging is enabled, it is set to `INFO` by default.",
 "enum": [
 "LOG_LEVEL_UNSPECIFIED",
 "TRACE",
@@ -5946,12 +5948,12 @@
 "type": "string"
 },
 "imageDigest": {
-"description": "Output only. The resolved digest for the image specified in the `image` field. The digest is resolved during the creation of `WasmPluginVersion` resource. This field holds the digest value, regardless of whether a tag or digest was originally specified in the `image` field.",
+"description": "Output only. This field holds the digest (usually checksum) value for the plugin image. The value is calculated based on the `image_uri` field. If the `image_uri` field refers to a container image, the digest value is obtained from the container image. If the `image_uri` field refers to a generic artifact, the digest value is calculated based on the contents of the file.",
 "readOnly": true,
 "type": "string"
 },
 "imageUri": {
-"description": "Optional. URI of the container image containing the plugin, stored in the Artifact Registry. When a new `WasmPluginVersion` resource is created, the digest of the container image is saved in the `image_digest` field. When downloading an image, the digest value is used instead of an image tag.",
+"description": "Optional. URI of the image containing the Wasm module, stored in Artifact Registry. The URI can refer to one of the following repository formats: * Container images: the `image_uri` must point to a container that contains a single file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `image_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifacts: the `image_uri` must be in this format: `projects/{project}/locations/{location}/repositories/{repository}/ genericArtifacts/{package}:{version}`. The specified package and version must contain a file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the checksum of the contents of the file is saved in the `image_digest` field.",
 "type": "string"
 },
 "labels": {
@@ -5971,12 +5973,12 @@
 "type": "string"
 },
 "pluginConfigDigest": {
-"description": "Output only. This field holds the digest (usually checksum) value for the plugin configuration. The value is calculated based on the contents of `plugin_config_data` or the container image defined by the `plugin_config_uri` field.",
+"description": "Output only. This field holds the digest (usually checksum) value for the plugin configuration. The value is calculated based on the contents of `plugin_config_data` field or the image defined by the `plugin_config_uri` field.",
 "readOnly": true,
 "type": "string"
 },
 "pluginConfigUri": {
-"description": "URI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The container image must contain only a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the container image is saved in the `plugin_config_digest` field.",
+"description": "URI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The URI can refer to one of the following repository formats: * Container images: the `plugin_config_uri` must point to a container that contains a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `plugin_config_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifacts: the `plugin_config_uri` must be in this format: `projects/{project}/locations/{location}/repositories/{repository}/ genericArtifacts/{package}:{version}`. The specified package and version must contain a file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the checksum of the contents of the file is saved in the `plugin_config_digest` field.",
 "type": "string"
 },
 "updateTime": {
@@ -6003,12 +6005,12 @@
 "type": "string"
 },
 "imageDigest": {
-"description": "Output only. The resolved digest for the image specified in `image`. The digest is resolved during the creation of a `WasmPluginVersion` resource. This field holds the digest value regardless of whether a tag or digest was originally specified in the `image` field.",
+"description": "Output only. This field holds the digest (usually checksum) value for the plugin image. The value is calculated based on the `image_uri` field. If the `image_uri` field refers to a container image, the digest value is obtained from the container image. If the `image_uri` field refers to a generic artifact, the digest value is calculated based on the contents of the file.",
 "readOnly": true,
 "type": "string"
 },
 "imageUri": {
-"description": "Optional. URI of the container image containing the Wasm module, stored in the Artifact Registry. The container image must contain only a single file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the URI gets resolved to an image digest and saved in the `image_digest` field.",
+"description": "Optional. URI of the image containing the Wasm module, stored in Artifact Registry. The URI can refer to one of the following repository formats: * Container images: the `image_uri` must point to a container that contains a single file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `image_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifacts: the `image_uri` must be in this format: `projects/{project}/locations/{location}/repositories/{repository}/ genericArtifacts/{package}:{version}`. The specified package and version must contain a file with the name `plugin.wasm`. When a new `WasmPluginVersion` resource is created, the checksum of the contents of the file is saved in the `image_digest` field.",
 "type": "string"
 },
 "labels": {
@@ -6024,12 +6026,12 @@
 "type": "string"
 },
 "pluginConfigDigest": {
-"description": "Output only. This field holds the digest (usually checksum) value for the plugin configuration. The value is calculated based on the contents of the `plugin_config_data` field or the container image defined by the `plugin_config_uri` field.",
+"description": "Output only. This field holds the digest (usually checksum) value for the plugin configuration. The value is calculated based on the contents of `plugin_config_data` field or the image defined by the `plugin_config_uri` field.",
 "readOnly": true,
 "type": "string"
 },
 "pluginConfigUri": {
-"description": "URI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The container image must contain only a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the container image is saved in the `plugin_config_digest` field.",
+"description": "URI of the plugin configuration stored in the Artifact Registry. The configuration is provided to the plugin at runtime through the `ON_CONFIGURE` callback. The URI can refer to one of the following repository formats: * Container images: the `plugin_config_uri` must point to a container that contains a single file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the digest of the image is saved in the `plugin_config_digest` field. When pulling a container image from Artifact Registry, the digest value is used instead of an image tag. * Generic artifacts: the `plugin_config_uri` must be in this format: `projects/{project}/locations/{location}/repositories/{repository}/ genericArtifacts/{package}:{version}`. The specified package and version must contain a file with the name `plugin.config`. When a new `WasmPluginVersion` resource is created, the checksum of the contents of the file is saved in the `plugin_config_digest` field.",
 "type": "string"
 },
 "updateTime": {