google-api-python-client 2.183.0__py3-none-any.whl → 2.184.0__py3-none-any.whl

googleapiclient/discovery_cache/documents/compute.v1.json

@@ -1793,6 +1793,38 @@
 "https://www.googleapis.com/auth/compute.readonly"
 ]
 },
+"getEffectiveSecurityPolicies": {
+"description": "Returns effective security policies applied to this backend service.",
+"flatPath": "projects/{project}/global/backendServices/{backendService}/getEffectiveSecurityPolicies",
+"httpMethod": "GET",
+"id": "compute.backendServices.getEffectiveSecurityPolicies",
+"parameterOrder": [
+"project",
+"backendService"
+],
+"parameters": {
+"backendService": {
+"description": "Name of the Backend Service for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"required": true,
+"type": "string"
+},
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"required": true,
+"type": "string"
+}
+},
+"path": "projects/{project}/global/backendServices/{backendService}/getEffectiveSecurityPolicies",
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
 "getHealth": {
 "description": "Gets the most recent health check results for this BackendService. Example request body: { \"group\": \"/zones/us-east1-b/instanceGroups/lb-backend-example\" }",
 "flatPath": "projects/{project}/global/backendServices/{backendService}/getHealth",
@@ -19900,6 +19932,576 @@
 }
 }
 },
+"organizationSecurityPolicies": {
+"methods": {
+"addAssociation": {
+"description": "Inserts an association for the specified security policy. This has billing implications. Projects in the hierarchy with effective hierarchical security policies will be automatically enrolled into Cloud Armor Enterprise if not already enrolled. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.addAssociation instead if possible.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/addAssociation",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.addAssociation",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"replaceExistingAssociation": {
+"description": "Indicates whether or not to replace it if an association of the attachment already exists. This is false by default, in which case an error will be returned if an association already exists.",
+"location": "query",
+"type": "boolean"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/addAssociation",
+"request": {
+"$ref": "SecurityPolicyAssociation"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"addRule": {
+"description": "Inserts a rule into a security policy.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/addRule",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.addRule",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/addRule",
+"request": {
+"$ref": "SecurityPolicyRule"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"copyRules": {
+"description": "Copies rules to the specified security policy. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.copyRules instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/copyRules",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.copyRules",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+},
+"sourceSecurityPolicy": {
+"description": "The security policy from which to copy rules.",
+"location": "query",
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/copyRules",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"delete": {
+"description": "Deletes the specified policy. Use of this API to remove firewall policies is deprecated. Use firewallPolicies.delete instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}",
+"httpMethod": "DELETE",
+"id": "compute.organizationSecurityPolicies.delete",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to delete.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"get": {
+"description": "List all of the ordered rules present in a single specified policy. Use of this API to read firewall policies is deprecated. Use firewallPolicies.get instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.get",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"securityPolicy": {
+"description": "Name of the security policy to get.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}",
+"response": {
+"$ref": "SecurityPolicy"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"getAssociation": {
+"description": "Gets an association with the specified name. Use of this API to read firewall policies is deprecated. Use firewallPolicies.getAssociation instead if possible.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/getAssociation",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.getAssociation",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"name": {
+"description": "The name of the association to get from the security policy.",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to which the queried rule belongs.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/getAssociation",
+"response": {
+"$ref": "SecurityPolicyAssociation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"getRule": {
+"description": "Gets a rule at the specified priority. Use of this API to read firewall policies is deprecated. Use firewallPolicies.getRule instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/getRule",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.getRule",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"priority": {
+"description": "The priority of the rule to get from the security policy.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"securityPolicy": {
+"description": "Name of the security policy to which the queried rule belongs.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/getRule",
+"response": {
+"$ref": "SecurityPolicyRule"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"insert": {
+"description": "Creates a new policy in the specified project using the data included in the request. Use of this API to insert firewall policies is deprecated. Use firewallPolicies.insert instead.",
+"flatPath": "locations/global/securityPolicies",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.insert",
+"parameters": {
+"parentId": {
+"description": "Parent ID for this request. The ID can be either be \"folders/[FOLDER_ID]\" if the parent is a folder or \"organizations/[ORGANIZATION_ID]\" if the parent is an organization.",
+"location": "query",
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies",
+"request": {
+"$ref": "SecurityPolicy"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"list": {
+"description": "List all the policies that have been configured for the specified project. Use of this API to read firewall policies is deprecated. Use firewallPolicies.list instead.",
+"flatPath": "locations/global/securityPolicies",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.list",
+"parameters": {
+"filter": {
+"description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. These two types of filter expressions cannot be mixed in one request. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`. You cannot combine constraints on multiple fields using regular expressions.",
+"location": "query",
+"type": "string"
+},
+"maxResults": {
+"default": "500",
+"description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+"format": "uint32",
+"location": "query",
+"minimum": "0",
+"type": "integer"
+},
+"orderBy": {
+"description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+"location": "query",
+"type": "string"
+},
+"pageToken": {
+"description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+"location": "query",
+"type": "string"
+},
+"parentId": {
+"description": "Parent ID for this request.",
+"location": "query",
+"type": "string"
+},
+"returnPartialSuccess": {
+"description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false. For example, when partial success behavior is enabled, aggregatedList for a single zone scope either returns all resources in the zone or no resources, with an error code.",
+"location": "query",
+"type": "boolean"
+}
+},
+"path": "locations/global/securityPolicies",
+"response": {
+"$ref": "SecurityPolicyList"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"listAssociations": {
+"description": "Lists associations of a specified target, i.e., organization or folder. Use of this API to read firewall policies is deprecated. Use firewallPolicies.listAssociations instead if possible.",
+"flatPath": "locations/global/securityPolicies/listAssociations",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.listAssociations",
+"parameters": {
+"targetResource": {
+"description": "The target resource to list associations. It is an organization, or a folder.",
+"location": "query",
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/listAssociations",
+"response": {
+"$ref": "OrganizationSecurityPoliciesListAssociationsResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"listPreconfiguredExpressionSets": {
+"description": "Gets the current list of preconfigured Web Application Firewall (WAF) expressions.",
+"flatPath": "locations/global/securityPolicies/listPreconfiguredExpressionSets",
+"httpMethod": "GET",
+"id": "compute.organizationSecurityPolicies.listPreconfiguredExpressionSets",
+"parameters": {
+"filter": {
+"description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. These two types of filter expressions cannot be mixed in one request. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`. You cannot combine constraints on multiple fields using regular expressions.",
+"location": "query",
+"type": "string"
+},
+"maxResults": {
+"default": "500",
+"description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+"format": "uint32",
+"location": "query",
+"minimum": "0",
+"type": "integer"
+},
+"orderBy": {
+"description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+"location": "query",
+"type": "string"
+},
+"pageToken": {
+"description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+"location": "query",
+"type": "string"
+},
+"parentId": {
+"description": "Parent ID for this request.",
+"location": "query",
+"type": "string"
+},
+"returnPartialSuccess": {
+"description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false. For example, when partial success behavior is enabled, aggregatedList for a single zone scope either returns all resources in the zone or no resources, with an error code.",
+"location": "query",
+"type": "boolean"
+}
+},
+"path": "locations/global/securityPolicies/listPreconfiguredExpressionSets",
+"response": {
+"$ref": "SecurityPoliciesListPreconfiguredExpressionSetsResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"move": {
+"description": "Moves the specified security policy. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.move instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/move",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.move",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"parentId": {
+"description": "The new parent of the security policy.",
+"location": "query",
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/move",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"patch": {
+"description": "Patches the specified policy with the data included in the request. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.patch instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}",
+"httpMethod": "PATCH",
+"id": "compute.organizationSecurityPolicies.patch",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}",
+"request": {
+"$ref": "SecurityPolicy"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"patchRule": {
+"description": "Patches a rule at the specified priority. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.patchRule instead.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/patchRule",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.patchRule",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"priority": {
+"description": "The priority of the rule to patch.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/patchRule",
+"request": {
+"$ref": "SecurityPolicyRule"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"removeAssociation": {
+"description": "Removes an association for the specified security policy. Use of this API to modify firewall policies is deprecated. Use firewallPolicies.removeAssociation instead if possible.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/removeAssociation",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.removeAssociation",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"name": {
+"description": "Name for the attachment that will be removed.",
+"location": "query",
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/removeAssociation",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"removeRule": {
+"description": "Deletes a rule at the specified priority.",
+"flatPath": "locations/global/securityPolicies/{securityPolicy}/removeRule",
+"httpMethod": "POST",
+"id": "compute.organizationSecurityPolicies.removeRule",
+"parameterOrder": [
+"securityPolicy"
+],
+"parameters": {
+"priority": {
+"description": "The priority of the rule to remove from the security policy.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"securityPolicy": {
+"description": "Name of the security policy to update.",
+"location": "path",
+"pattern": "(securityPolicies/)?[0-9]{0,20}",
+"required": true,
+"type": "string"
+}
+},
+"path": "locations/global/securityPolicies/{securityPolicy}/removeRule",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+}
+}
+},
 "packetMirrorings": {
 "methods": {
 "aggregatedList": {
@@ -19950,17 +20552,212 @@
 "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false. For example, when partial success behavior is enabled, aggregatedList for a single zone scope either returns all resources in the zone or no resources, with an error code.",
 "location": "query",
 "type": "boolean"
-},
-"serviceProjectNumber": {
-"description": "The Shared VPC service project id or service project number for which aggregated list request is invoked for subnetworks list-usable api.",
-"format": "int64",
-"location": "query",
-"type": "string"
+},
+"serviceProjectNumber": {
+"description": "The Shared VPC service project id or service project number for which aggregated list request is invoked for subnetworks list-usable api.",
+"format": "int64",
+"location": "query",
+"type": "string"
+}
+},
+"path": "projects/{project}/aggregated/packetMirrorings",
+"response": {
+"$ref": "PacketMirroringAggregatedList"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"delete": {
+"description": "Deletes the specified PacketMirroring resource.",
+"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"httpMethod": "DELETE",
+"id": "compute.packetMirrorings.delete",
+"parameterOrder": [
+"project",
+"region",
+"packetMirroring"
+],
+"parameters": {
+"packetMirroring": {
+"description": "Name of the PacketMirroring resource to delete.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+"required": true,
+"type": "string"
+},
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"required": true,
+"type": "string"
+},
+"region": {
+"description": "Name of the region for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"required": true,
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+}
+},
+"path": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"get": {
+"description": "Returns the specified PacketMirroring resource.",
+"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"httpMethod": "GET",
+"id": "compute.packetMirrorings.get",
+"parameterOrder": [
+"project",
+"region",
+"packetMirroring"
+],
+"parameters": {
+"packetMirroring": {
+"description": "Name of the PacketMirroring resource to return.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+"required": true,
+"type": "string"
+},
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"required": true,
+"type": "string"
+},
+"region": {
+"description": "Name of the region for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"required": true,
+"type": "string"
+}
+},
+"path": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"response": {
+"$ref": "PacketMirroring"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
+]
+},
+"insert": {
+"description": "Creates a PacketMirroring resource in the specified project and region using the data included in the request.",
+"flatPath": "projects/{project}/regions/{region}/packetMirrorings",
+"httpMethod": "POST",
+"id": "compute.packetMirrorings.insert",
+"parameterOrder": [
+"project",
+"region"
+],
+"parameters": {
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"required": true,
+"type": "string"
+},
+"region": {
+"description": "Name of the region for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"required": true,
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+}
+},
+"path": "projects/{project}/regions/{region}/packetMirrorings",
+"request": {
+"$ref": "PacketMirroring"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
+},
+"list": {
+"description": "Retrieves a list of PacketMirroring resources available to the specified project and region.",
+"flatPath": "projects/{project}/regions/{region}/packetMirrorings",
+"httpMethod": "GET",
+"id": "compute.packetMirrorings.list",
+"parameterOrder": [
+"project",
+"region"
+],
+"parameters": {
+"filter": {
+"description": "A filter expression that filters resources listed in the response. Most Compute resources support two types of filter expressions: expressions that support regular expressions and expressions that follow API improvement proposal AIP-160. These two types of filter expressions cannot be mixed in one request. If you want to use AIP-160, your expression must specify the field name, an operator, and the value that you want to use for filtering. The value must be a string, a number, or a boolean. The operator must be either `=`, `!=`, `>`, `<`, `<=`, `>=` or `:`. For example, if you are filtering Compute Engine instances, you can exclude instances named `example-instance` by specifying `name != example-instance`. The `:*` comparison can be used to test whether a key has been defined. For example, to find all objects with `owner` label use: ``` labels.owner:* ``` You can also filter nested fields. For example, you could specify `scheduling.automaticRestart = false` to include instances only if they are not scheduled for automatic restarts. You can use filtering on nested fields to filter based on resource labels. To filter on multiple expressions, provide each separate expression within parentheses. For example: ``` (scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\") ``` By default, each expression is an `AND` expression. However, you can include `AND` and `OR` expressions explicitly. For example: ``` (cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\") AND (scheduling.automaticRestart = true) ``` If you want to use a regular expression, use the `eq` (equal) or `ne` (not equal) operator against a single un-parenthesized expression with or without quotes or against multiple parenthesized expressions. Examples: `fieldname eq unquoted literal` `fieldname eq 'single quoted literal'` `fieldname eq \"double quoted literal\"` `(fieldname1 eq literal) (fieldname2 ne \"literal\")` The literal value is interpreted as a regular expression using Google RE2 library syntax. The literal value must match the entire field. For example, to filter for instances that do not end with name \"instance\", you would use `name ne .*instance`. You cannot combine constraints on multiple fields using regular expressions.",
+"location": "query",
+"type": "string"
+},
+"maxResults": {
+"default": "500",
+"description": "The maximum number of results per page that should be returned. If the number of available results is larger than `maxResults`, Compute Engine returns a `nextPageToken` that can be used to get the next page of results in subsequent list requests. Acceptable values are `0` to `500`, inclusive. (Default: `500`)",
+"format": "uint32",
+"location": "query",
+"minimum": "0",
+"type": "integer"
+},
+"orderBy": {
+"description": "Sorts list results by a certain order. By default, results are returned in alphanumerical order based on the resource name. You can also sort results in descending order based on the creation timestamp using `orderBy=\"creationTimestamp desc\"`. This sorts results based on the `creationTimestamp` field in reverse chronological order (newest result first). Use this to sort resources like operations so that the newest operation is returned first. Currently, only sorting by `name` or `creationTimestamp desc` is supported.",
+"location": "query",
+"type": "string"
+},
+"pageToken": {
+"description": "Specifies a page token to use. Set `pageToken` to the `nextPageToken` returned by a previous list request to get the next page of results.",
+"location": "query",
+"type": "string"
+},
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"required": true,
+"type": "string"
+},
+"region": {
+"description": "Name of the region for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"required": true,
+"type": "string"
+},
+"returnPartialSuccess": {
+"description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false. For example, when partial success behavior is enabled, aggregatedList for a single zone scope either returns all resources in the zone or no resources, with an error code.",
+"location": "query",
+"type": "boolean"
 }
 },
-"path": "projects/{project}/aggregated/packetMirrorings",
+"path": "projects/{project}/regions/{region}/packetMirrorings",
 "response": {
-"$ref": "PacketMirroringAggregatedList"
+"$ref": "PacketMirroringList"
 },
 "scopes": [
 "https://www.googleapis.com/auth/cloud-platform",
@@ -19968,11 +20765,11 @@
 "https://www.googleapis.com/auth/compute.readonly"
 ]
 },
-"delete": {
-"description": "Deletes the specified PacketMirroring resource.",
+"patch": {
+"description": "Patches the specified PacketMirroring resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
 "flatPath": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
-"httpMethod": "DELETE",
-"id": "compute.packetMirrorings.delete",
+"httpMethod": "PATCH",
+"id": "compute.packetMirrorings.patch",
 "parameterOrder": [
 "project",
 "region",
@@ -19980,7 +20777,7 @@
 ],
 "parameters": {
 "packetMirroring": {
-"description": "Name of the PacketMirroring resource to delete.",
+"description": "Name of the PacketMirroring resource to patch.",
 "location": "path",
 "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 "required": true,
@@ -20007,6 +20804,9 @@
 }
 },
 "path": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"request": {
+"$ref": "PacketMirroring"
+},
 "response": {
 "$ref": "Operation"
 },
@@ -20015,24 +20815,17 @@
 "https://www.googleapis.com/auth/compute"
 ]
 },
-"get": {
-"description": "Returns the specified PacketMirroring resource.",
-"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
-"httpMethod": "GET",
-"id": "compute.packetMirrorings.get",
+"testIamPermissions": {
+"description": "Returns permissions that a caller has on the specified resource.",
+"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{resource}/testIamPermissions",
+"httpMethod": "POST",
+"id": "compute.packetMirrorings.testIamPermissions",
 "parameterOrder": [
 "project",
 "region",
-"packetMirroring"
+"resource"
 ],
 "parameters": {
-"packetMirroring": {
-"description": "Name of the PacketMirroring resource to return.",
-"location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-"required": true,
-"type": "string"
-},
 "project": {
 "description": "Project ID for this request.",
 "location": "path",
@@ -20041,73 +20834,79 @@
 "type": "string"
 },
 "region": {
-"description": "Name of the region for this request.",
+"description": "The name of the region for this request.",
 "location": "path",
 "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 "required": true,
 "type": "string"
+},
+"resource": {
+"description": "Name or id of the resource for this request.",
+"location": "path",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
+"required": true,
+"type": "string"
 }
 },
-"path": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"path": "projects/{project}/regions/{region}/packetMirrorings/{resource}/testIamPermissions",
+"request": {
+"$ref": "TestPermissionsRequest"
+},
 "response": {
-"$ref": "PacketMirroring"
+"$ref": "TestPermissionsResponse"
 },
 "scopes": [
 "https://www.googleapis.com/auth/cloud-platform",
 "https://www.googleapis.com/auth/compute",
 "https://www.googleapis.com/auth/compute.readonly"
 ]
+}
+}
 },
-"insert": {
-"description": "Creates a PacketMirroring resource in the specified project and region using the data included in the request.",
-"flatPath": "projects/{project}/regions/{region}/packetMirrorings",
-"httpMethod": "POST",
-"id": "compute.packetMirrorings.insert",
+"previewFeatures": {
+"methods": {
+"get": {
+"description": "Returns the details of the given PreviewFeature.",
+"flatPath": "projects/{project}/global/previewFeatures/{previewFeature}",
+"httpMethod": "GET",
+"id": "compute.previewFeatures.get",
 "parameterOrder": [
 "project",
-"region"
+"previewFeature"
 ],
 "parameters": {
-"project": {
-"description": "Project ID for this request.",
+"previewFeature": {
+"description": "Name of the PreviewFeature for this request.",
 "location": "path",
-"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 "required": true,
 "type": "string"
 },
-"region": {
-"description": "Name of the region for this request.",
+"project": {
+"description": "Project ID for this request.",
 "location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
 "required": true,
 "type": "string"
-},
-"requestId": {
-"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
-"location": "query",
-"type": "string"
 }
 },
-"path": "projects/{project}/regions/{region}/packetMirrorings",
-"request": {
-"$ref": "PacketMirroring"
-},
+"path": "projects/{project}/global/previewFeatures/{previewFeature}",
 "response": {
-"$ref": "Operation"
+"$ref": "PreviewFeature"
 },
 "scopes": [
 "https://www.googleapis.com/auth/cloud-platform",
-"https://www.googleapis.com/auth/compute"
+"https://www.googleapis.com/auth/compute",
+"https://www.googleapis.com/auth/compute.readonly"
 ]
 },
 "list": {
-"description": "Retrieves a list of PacketMirroring resources available to the specified project and region.",
-"flatPath": "projects/{project}/regions/{region}/packetMirrorings",
+"description": "Returns the details of the given PreviewFeature.",
+"flatPath": "projects/{project}/global/previewFeatures",
 "httpMethod": "GET",
-"id": "compute.packetMirrorings.list",
+"id": "compute.previewFeatures.list",
 "parameterOrder": [
-"project",
-"region"
+"project"
 ],
 "parameters": {
 "filter": {
@@ -20140,22 +20939,15 @@
 "required": true,
 "type": "string"
 },
-"region": {
-"description": "Name of the region for this request.",
-"location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-"required": true,
-"type": "string"
-},
 "returnPartialSuccess": {
 "description": "Opt-in for partial success behavior which provides partial results in case of failure. The default value is false. For example, when partial success behavior is enabled, aggregatedList for a single zone scope either returns all resources in the zone or no resources, with an error code.",
 "location": "query",
 "type": "boolean"
 }
 },
-"path": "projects/{project}/regions/{region}/packetMirrorings",
+"path": "projects/{project}/global/previewFeatures",
 "response": {
-"$ref": "PacketMirroringList"
+"$ref": "PreviewFeatureList"
 },
 "scopes": [
 "https://www.googleapis.com/auth/cloud-platform",
@@ -20163,19 +20955,18 @@
 "https://www.googleapis.com/auth/compute.readonly"
 ]
 },
-"patch": {
-"description": "Patches the specified PacketMirroring resource with the data included in the request. This method supports PATCH semantics and uses JSON merge patch format and processing rules.",
-"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"update": {
+"description": "Patches the given PreviewFeature. This method is used to enable or disable a PreviewFeature.",
+"flatPath": "projects/{project}/global/previewFeatures/{previewFeature}",
 "httpMethod": "PATCH",
-"id": "compute.packetMirrorings.patch",
+"id": "compute.previewFeatures.update",
 "parameterOrder": [
 "project",
-"region",
-"packetMirroring"
+"previewFeature"
 ],
 "parameters": {
-"packetMirroring": {
-"description": "Name of the PacketMirroring resource to patch.",
+"previewFeature": {
+"description": "Name of the PreviewFeature for this request.",
 "location": "path",
 "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
 "required": true,
@@ -20188,22 +20979,15 @@
 "required": true,
 "type": "string"
 },
-"region": {
-"description": "Name of the region for this request.",
-"location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-"required": true,
-"type": "string"
-},
 "requestId": {
 "description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
 "location": "query",
 "type": "string"
 }
 },
-"path": "projects/{project}/regions/{region}/packetMirrorings/{packetMirroring}",
+"path": "projects/{project}/global/previewFeatures/{previewFeature}",
 "request": {
-"$ref": "PacketMirroring"
+"$ref": "PreviewFeature"
 },
 "response": {
 "$ref": "Operation"
@@ -20212,52 +20996,6 @@
 "https://www.googleapis.com/auth/cloud-platform",
 "https://www.googleapis.com/auth/compute"
 ]
-},
-"testIamPermissions": {
-"description": "Returns permissions that a caller has on the specified resource.",
-"flatPath": "projects/{project}/regions/{region}/packetMirrorings/{resource}/testIamPermissions",
-"httpMethod": "POST",
-"id": "compute.packetMirrorings.testIamPermissions",
-"parameterOrder": [
-"project",
-"region",
-"resource"
-],
-"parameters": {
-"project": {
-"description": "Project ID for this request.",
-"location": "path",
-"pattern": "(?:(?:[-a-z0-9]{1,63}\\.)*(?:[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?):)?(?:[0-9]{1,19}|(?:[a-z0-9](?:[-a-z0-9]{0,61}[a-z0-9])?))",
-"required": true,
-"type": "string"
-},
-"region": {
-"description": "The name of the region for this request.",
-"location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
-"required": true,
-"type": "string"
-},
-"resource": {
-"description": "Name or id of the resource for this request.",
-"location": "path",
-"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}",
-"required": true,
-"type": "string"
-}
-},
-"path": "projects/{project}/regions/{region}/packetMirrorings/{resource}/testIamPermissions",
-"request": {
-"$ref": "TestPermissionsRequest"
-},
-"response": {
-"$ref": "TestPermissionsResponse"
-},
-"scopes": [
-"https://www.googleapis.com/auth/cloud-platform",
-"https://www.googleapis.com/auth/compute",
-"https://www.googleapis.com/auth/compute.readonly"
-]
 }
 }
 },
@@ -30480,6 +31218,60 @@
 "https://www.googleapis.com/auth/cloud-platform",
 "https://www.googleapis.com/auth/compute"
 ]
+},
+"reportFaulty": {
+"description": "Allows customers to report a faulty subBlock.",
+"flatPath": "projects/{project}/zones/{zone}/{parentName}/reservationSubBlocks/{reservationSubBlock}/reportFaulty",
+"httpMethod": "POST",
+"id": "compute.reservationSubBlocks.reportFaulty",
+"parameterOrder": [
+"project",
+"zone",
+"parentName",
+"reservationSubBlock"
+],
+"parameters": {
+"parentName": {
+"description": "The name of the parent reservation and parent block. In the format of reservations/{reservation_name}/reservationBlocks/{reservation_block_name}",
+"location": "path",
+"required": true,
+"type": "string"
+},
+"project": {
+"description": "Project ID for this request.",
+"location": "path",
+"required": true,
+"type": "string"
+},
+"requestId": {
+"description": "An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported ( 00000000-0000-0000-0000-000000000000).",
+"location": "query",
+"type": "string"
+},
+"reservationSubBlock": {
+"description": "The name of the reservation subBlock. Name should conform to RFC1035 or be a resource ID.",
+"location": "path",
+"required": true,
+"type": "string"
+},
+"zone": {
+"description": "Name of the zone for this request. Zone name should conform to RFC1035.",
+"location": "path",
+"required": true,
+"type": "string"
+}
+},
+"path": "projects/{project}/zones/{zone}/{parentName}/reservationSubBlocks/{reservationSubBlock}/reportFaulty",
+"request": {
+"$ref": "ReservationSubBlocksReportFaultyRequest"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform",
+"https://www.googleapis.com/auth/compute"
+]
 }
 }
 },
@@ -40401,7 +41193,7 @@
 }
 }
 },
-"revision": "20250909",
+"revision": "20250916",
 "rootUrl": "https://compute.googleapis.com/",
 "schemas": {
 "AWSV4Signature": {
@@ -46478,6 +47270,28 @@ false
 },
 "type": "object"
 },
+"Date": {
+"description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp",
+"id": "Date",
+"properties": {
+"day": {
+"description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.",
+"format": "int32",
+"type": "integer"
+},
+"month": {
+"description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.",
+"format": "int32",
+"type": "integer"
+},
+"year": {
+"description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.",
+"format": "int32",
+"type": "integer"
+}
+},
+"type": "object"
+},
 "DeprecationStatus": {
 "description": "Deprecation status for a public resource.",
 "id": "DeprecationStatus",
@@ -52718,6 +53532,10 @@ false
 "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 "type": "string"
 },
+"params": {
+"$ref": "ImageParams",
+"description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
+},
 "rawDisk": {
 "description": "The parameters of the raw disk image.",
 "properties": {
@@ -52999,6 +53817,20 @@ false
 },
 "type": "object"
 },
+"ImageParams": {
+"description": "Additional image params.",
+"id": "ImageParams",
+"properties": {
+"resourceManagerTags": {
+"additionalProperties": {
+"type": "string"
+},
+"description": "Resource manager tags to be bound to the image. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT & PATCH) when empty.",
+"type": "object"
+}
+},
+"type": "object"
+},
 "InitialStateConfig": {
 "description": "Initial State for shielded instance, these are public keys which are safe to store in public",
 "id": "InitialStateConfig",
@@ -58397,6 +59229,18 @@ false
 "The interconnect has not completed turnup. No attachments may be provisioned on this interconnect."
 ],
 "type": "string"
+},
+"subzone": {
+"description": "Specific subzone in the InterconnectLocation that represents where this connection is to be provisioned.",
+"enum": [
+"SUBZONE_A",
+"SUBZONE_B"
+],
+"enumDescriptions": [
+"Subzone A.",
+"Subzone B."
+],
+"type": "string"
 }
 },
 "type": "object"
@@ -69868,6 +70712,24 @@ false
 },
 "type": "object"
 },
+"OrganizationSecurityPoliciesListAssociationsResponse": {
+"id": "OrganizationSecurityPoliciesListAssociationsResponse",
+"properties": {
+"associations": {
+"description": "A list of associations.",
+"items": {
+"$ref": "SecurityPolicyAssociation"
+},
+"type": "array"
+},
+"kind": {
+"default": "compute#organizationSecurityPoliciesListAssociationsResponse",
+"description": "[Output Only] Type of securityPolicy associations. Always compute#organizationSecurityPoliciesListAssociations for lists of securityPolicy associations.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "OutlierDetection": {
 "description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service.",
 "id": "OutlierDetection",
@@ -70640,269 +71502,565 @@ false
 },
 "type": "object"
 },
-"PathMatcher": {
-"description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.",
-"id": "PathMatcher",
-"properties": {
-"defaultCustomErrorResponsePolicy": {
-"$ref": "CustomErrorResponsePolicy",
-"description": "defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers."
-},
-"defaultRouteAction": {
-"$ref": "HttpRouteAction",
-"description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path matcher's defaultRouteAction."
-},
-"defaultService": {
-"description": "The full or partial URL to the BackendService resource. This URL is used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project /global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use ",
-"type": "string"
-},
-"defaultUrlRedirect": {
-"$ref": "HttpRedirectAction",
-"description": "When none of the specified pathRules or routeRules match, the request is redirected to a URL specified by defaultUrlRedirect. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. Not supported when the URL map is bound to a target gRPC proxy."
-},
-"description": {
-"description": "An optional description of this resource. Provide this property when you create the resource.",
-"type": "string"
-},
-"headerAction": {
-"$ref": "HttpHeaderAction",
-"description": "Specifies changes to request and response headers that need to take effect for the selected backend service. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
-},
-"name": {
-"description": "The name to which this PathMatcher is referred by the HostRule.",
-"type": "string"
-},
-"pathRules": {
-"description": "The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set.",
-"items": {
-"$ref": "PathRule"
-},
-"type": "array"
-},
-"routeRules": {
-"description": "The list of HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. routeRules are evaluated in order of priority, from the lowest to highest number. Within a given pathMatcher, you can set only one of pathRules or routeRules.",
-"items": {
-"$ref": "HttpRouteRule"
-},
-"type": "array"
-}
-},
-"type": "object"
-},
-"PathRule": {
-"description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.",
-"id": "PathRule",
+"PathMatcher": {
+"description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.",
+"id": "PathMatcher",
+"properties": {
+"defaultCustomErrorResponsePolicy": {
+"$ref": "CustomErrorResponsePolicy",
+"description": "defaultCustomErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. This policy takes effect at the PathMatcher level and applies only when no policy has been defined for the error code at lower levels like RouteRule and PathRule within this PathMatcher. If an error code does not have a policy defined in defaultCustomErrorResponsePolicy, then a policy defined for the error code in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy is configured with policies for 5xx and 4xx errors - A RouteRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in RouteRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. When used in conjunction with pathMatcher.defaultRouteAction.retryPolicy, retries take precedence. Only once all retries are exhausted, the defaultCustomErrorResponsePolicy is applied. While attempting a retry, if load balancer is successful in reaching the service, the defaultCustomErrorResponsePolicy is ignored and the response from the service is returned to the client. defaultCustomErrorResponsePolicy is supported only for global external Application Load Balancers."
+},
+"defaultRouteAction": {
+"$ref": "HttpRouteAction",
+"description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path matcher's defaultRouteAction."
+},
+"defaultService": {
+"description": "The full or partial URL to the BackendService resource. This URL is used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project /global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use ",
+"type": "string"
+},
+"defaultUrlRedirect": {
+"$ref": "HttpRedirectAction",
+"description": "When none of the specified pathRules or routeRules match, the request is redirected to a URL specified by defaultUrlRedirect. Only one of defaultUrlRedirect, defaultService or defaultRouteAction.weightedBackendService can be set. Not supported when the URL map is bound to a target gRPC proxy."
+},
+"description": {
+"description": "An optional description of this resource. Provide this property when you create the resource.",
+"type": "string"
+},
+"headerAction": {
+"$ref": "HttpHeaderAction",
+"description": "Specifies changes to request and response headers that need to take effect for the selected backend service. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
+},
+"name": {
+"description": "The name to which this PathMatcher is referred by the HostRule.",
+"type": "string"
+},
+"pathRules": {
+"description": "The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set.",
+"items": {
+"$ref": "PathRule"
+},
+"type": "array"
+},
+"routeRules": {
+"description": "The list of HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. routeRules are evaluated in order of priority, from the lowest to highest number. Within a given pathMatcher, you can set only one of pathRules or routeRules.",
+"items": {
+"$ref": "HttpRouteRule"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"PathRule": {
+"description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.",
+"id": "PathRule",
+"properties": {
+"customErrorResponsePolicy": {
+"$ref": "CustomErrorResponsePolicy",
+"description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A PathRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. customErrorResponsePolicy is supported only for global external Application Load Balancers."
+},
+"paths": {
+"description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"routeAction": {
+"$ref": "HttpRouteAction",
+"description": "In response to a matching path, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. Only one of urlRedirect, service or routeAction.weightedBackendService can be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path rule's routeAction."
+},
+"service": {
+"description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. Only one of urlRedirect, service or routeAction.weightedBackendService can be set.",
+"type": "string"
+},
+"urlRedirect": {
+"$ref": "HttpRedirectAction",
+"description": "When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. Only one of urlRedirect, service or routeAction.weightedBackendService can be set. Not supported when the URL map is bound to a target gRPC proxy."
+}
+},
+"type": "object"
+},
+"PerInstanceConfig": {
+"id": "PerInstanceConfig",
+"properties": {
+"fingerprint": {
+"description": "Fingerprint of this per-instance config. This field can be used in optimistic locking. It is ignored when inserting a per-instance config. An up-to-date fingerprint must be provided in order to update an existing per-instance configuration or the field needs to be unset.",
+"format": "byte",
+"type": "string"
+},
+"name": {
+"description": "The name of a per-instance configuration and its corresponding instance. Serves as a merge key during UpdatePerInstanceConfigs operations, that is, if a per-instance configuration with the same name exists then it will be updated, otherwise a new one will be created for the VM instance with the same name. An attempt to create a per-instance configuration for a VM instance that either doesn't exist or is not part of the group will result in an error.",
+"type": "string"
+},
+"preservedState": {
+"$ref": "PreservedState",
+"description": "The intended preserved state for the given instance. Does not contain preserved state generated from a stateful policy."
+},
+"status": {
+"description": "The status of applying this per-instance configuration on the corresponding managed instance.",
+"enum": [
+"APPLYING",
+"DELETING",
+"EFFECTIVE",
+"NONE",
+"UNAPPLIED",
+"UNAPPLIED_DELETION"
+],
+"enumDescriptions": [
+"The per-instance configuration is being applied to the instance, but is not yet effective, possibly waiting for the instance to, for example, REFRESH.",
+"The per-instance configuration deletion is being applied on the instance, possibly waiting for the instance to, for example, REFRESH.",
+"The per-instance configuration is effective on the instance, meaning that all disks, ips and metadata specified in this configuration are attached or set on the instance.",
+"*[Default]* The default status, when no per-instance configuration exists.",
+"The per-instance configuration is set on an instance but not been applied yet.",
+"The per-instance configuration has been deleted, but the deletion is not yet applied."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
+"Policy": {
+"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
+"id": "Policy",
+"properties": {
+"auditConfigs": {
+"description": "Specifies cloud audit logging configuration for this policy.",
+"items": {
+"$ref": "AuditConfig"
+},
+"type": "array"
+},
+"bindings": {
+"description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
+"items": {
+"$ref": "Binding"
+},
+"type": "array"
+},
+"etag": {
+"description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
+"format": "byte",
+"type": "string"
+},
+"version": {
+"description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
+"format": "int32",
+"type": "integer"
+}
+},
+"type": "object"
+},
+"PreconfiguredWafSet": {
+"id": "PreconfiguredWafSet",
+"properties": {
+"expressionSets": {
+"description": "List of entities that are currently supported for WAF rules.",
+"items": {
+"$ref": "WafExpressionSet"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"PreservedState": {
+"description": "Preserved state for a given instance.",
+"id": "PreservedState",
+"properties": {
+"disks": {
+"additionalProperties": {
+"$ref": "PreservedStatePreservedDisk"
+},
+"description": "Preserved disks defined for this instance. This map is keyed with the device names of the disks.",
+"type": "object"
+},
+"externalIPs": {
+"additionalProperties": {
+"$ref": "PreservedStatePreservedNetworkIp"
+},
+"description": "Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.",
+"type": "object"
+},
+"internalIPs": {
+"additionalProperties": {
+"$ref": "PreservedStatePreservedNetworkIp"
+},
+"description": "Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.",
+"type": "object"
+},
+"metadata": {
+"additionalProperties": {
+"type": "string"
+},
+"description": "Preserved metadata defined for this instance.",
+"type": "object"
+}
+},
+"type": "object"
+},
+"PreservedStatePreservedDisk": {
+"id": "PreservedStatePreservedDisk",
+"properties": {
+"autoDelete": {
+"description": "These stateful disks will never be deleted during autohealing, update, instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole MIG is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
+"enum": [
+"NEVER",
+"ON_PERMANENT_INSTANCE_DELETION"
+],
+"enumDescriptions": [
+"",
+""
+],
+"type": "string"
+},
+"mode": {
+"description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
+"enum": [
+"READ_ONLY",
+"READ_WRITE"
+],
+"enumDescriptions": [
+"Attaches this disk in read-only mode. Multiple VM instances can use a disk in READ_ONLY mode at a time.",
+"*[Default]* Attaches this disk in READ_WRITE mode. Only one VM instance at a time can be attached to a disk in READ_WRITE mode."
+],
+"type": "string"
+},
+"source": {
+"description": "The URL of the disk resource that is stateful and should be attached to the VM instance.",
+"type": "string"
+}
+},
+"type": "object"
+},
+"PreservedStatePreservedNetworkIp": {
+"id": "PreservedStatePreservedNetworkIp",
+"properties": {
+"autoDelete": {
+"description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
+"enum": [
+"NEVER",
+"ON_PERMANENT_INSTANCE_DELETION"
+],
+"enumDescriptions": [
+"",
+""
+],
+"type": "string"
+},
+"ipAddress": {
+"$ref": "PreservedStatePreservedNetworkIpIpAddress",
+"description": "Ip address representation"
+}
+},
+"type": "object"
+},
+"PreservedStatePreservedNetworkIpIpAddress": {
+"id": "PreservedStatePreservedNetworkIpIpAddress",
+"properties": {
+"address": {
+"description": "The URL of the reservation for this IP address.",
+"type": "string"
+},
+"literal": {
+"description": "An IPv4 internal network address to assign to the instance for this network interface.",
+"type": "string"
+}
+},
+"type": "object"
+},
+"PreviewFeature": {
+"description": "Represents a single Google Compute Engine preview feature.",
+"id": "PreviewFeature",
+"properties": {
+"activationStatus": {
+"description": "Specifies whether the feature is enabled or disabled.",
+"enum": [
+"ACTIVATION_STATE_UNSPECIFIED",
+"DISABLED",
+"ENABLED"
+],
+"enumDescriptions": [
+"",
+"",
+""
+],
+"type": "string"
+},
+"creationTimestamp": {
+"description": "[Output Only] Creation timestamp in RFC3339 text format.",
+"type": "string"
+},
+"description": {
+"description": "[Output Only] Description of the feature.",
+"type": "string"
+},
+"id": {
+"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
+"format": "uint64",
+"type": "string"
+},
+"kind": {
+"default": "compute#previewFeature",
+"description": "[Output only] The type of the feature. Always \"compute#previewFeature\" for preview features.",
+"type": "string"
+},
+"name": {
+"description": "Name of the feature.",
+"type": "string"
+},
+"rolloutOperation": {
+"$ref": "PreviewFeatureRolloutOperation",
+"description": "Rollout operation of the feature."
+},
+"selfLink": {
+"description": "[Output Only] Server-defined URL for the resource.",
+"type": "string"
+},
+"status": {
+"$ref": "PreviewFeatureStatus",
+"description": "[Output only] Status of the feature."
+}
+},
+"type": "object"
+},
+"PreviewFeatureList": {
+"id": "PreviewFeatureList",
+"properties": {
+"etag": {
+"type": "string"
+},
+"id": {
+"description": "[Output Only] Unique identifier for the resource; defined by the server.",
+"type": "string"
+},
+"items": {
+"description": "A list of PreviewFeature resources.",
+"items": {
+"$ref": "PreviewFeature"
+},
+"type": "array"
+},
+"nextPageToken": {
+"description": "[Output Only] This token allows you to get the next page of results for list requests. If the number of results is larger than maxResults, use the nextPageToken as a value for the query parameter pageToken in the next list request. Subsequent list requests will have their own nextPageToken to continue paging through the results.",
+"type": "string"
+},
+"selfLink": {
+"description": "[Output Only] Server-defined URL for this resource.",
+"type": "string"
+},
+"unreachables": {
+"description": "[Output Only] Unreachable resources. end_interface: MixerListResponseWithEtagBuilder",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"warning": {
+"description": "[Output Only] Informational warning message.",
+"properties": {
+"code": {
+"description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
+"enum": [
+"CLEANUP_FAILED",
+"DEPRECATED_RESOURCE_USED",
+"DEPRECATED_TYPE_USED",
+"DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
+"EXPERIMENTAL_TYPE_USED",
+"EXTERNAL_API_WARNING",
+"FIELD_VALUE_OVERRIDEN",
+"INJECTED_KERNELS_DEPRECATED",
+"INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
+"LARGE_DEPLOYMENT_WARNING",
+"LIST_OVERHEAD_QUOTA_EXCEED",
+"MISSING_TYPE_DEPENDENCY",
+"NEXT_HOP_ADDRESS_NOT_ASSIGNED",
+"NEXT_HOP_CANNOT_IP_FORWARD",
+"NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
+"NEXT_HOP_INSTANCE_NOT_FOUND",
+"NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
+"NEXT_HOP_NOT_RUNNING",
+"NOT_CRITICAL_ERROR",
+"NO_RESULTS_ON_PAGE",
+"PARTIAL_SUCCESS",
+"QUOTA_INFO_UNAVAILABLE",
+"REQUIRED_TOS_AGREEMENT",
+"RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
+"RESOURCE_NOT_DELETED",
+"SCHEMA_VALIDATION_IGNORED",
+"SINGLE_INSTANCE_PROPERTY_TEMPLATE",
+"UNDECLARED_PROPERTIES",
+"UNREACHABLE"
+],
+"enumDeprecated": [
+false,
+false,
+false,
+false,
+false,
+false,
+true,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false,
+false
+],
+"enumDescriptions": [
+"Warning about failed cleanup of transient changes made by a failed operation.",
+"A link to a deprecated resource was created.",
+"When deploying and at least one of the resources has a type marked as deprecated",
+"The user created a boot disk that is larger than image size.",
+"When deploying and at least one of the resources has a type marked as experimental",
+"Warning that is present in an external api call",
+"Warning that value of a field has been overridden. Deprecated unused field.",
+"The operation involved use of an injected kernel, which is deprecated.",
+"A WEIGHTED_MAGLEV backend service is associated with a health check that is not of type HTTP/HTTPS/HTTP2.",
+"When deploying a deployment with a exceedingly large number of resources",
+"Resource can't be retrieved due to list overhead quota exceed which captures the amount of resources filtered out by user-defined list filter.",
+"A resource depends on a missing type",
+"The route's nextHopIp address is not assigned to an instance on the network.",
+"The route's next hop instance cannot ip forward.",
+"The route's nextHopInstance URL refers to an instance that does not have an ipv6 interface on the same network as the route.",
+"The route's nextHopInstance URL refers to an instance that does not exist.",
+"The route's nextHopInstance URL refers to an instance that is not on the same network as the route.",
+"The route's next hop instance does not have a status of RUNNING.",
+"Error which is not critical. We decided to continue the process despite the mentioned error.",
+"No results are present on a particular list page.",
+"Success is reported, but some results may be missing due to errors",
+"Quota information is not available to client requests (e.g: regions.list).",
+"The user attempted to use a resource that requires a TOS they have not accepted.",
+"Warning that a resource is in use.",
+"One or more of the resources set to auto-delete could not be deleted because they were in use.",
+"When a resource schema validation is ignored.",
+"Instance template used in instance group manager is valid as such, but its application does not make a lot of sense, because it allows only single instance in instance group.",
+"When undeclared properties in the schema are present",
+"A given scope cannot be reached."
+],
+"type": "string"
+},
+"data": {
+"description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
+"items": {
+"properties": {
+"key": {
+"description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
+"type": "string"
+},
+"value": {
+"description": "[Output Only] A warning data value corresponding to the key.",
+"type": "string"
+}
+},
+"type": "object"
+},
+"type": "array"
+},
+"message": {
+"description": "[Output Only] A human-readable description of the warning code.",
+"type": "string"
+}
+},
+"type": "object"
+}
+},
+"type": "object"
+},
+"PreviewFeatureRolloutOperation": {
+"description": "Represents the rollout operation",
+"id": "PreviewFeatureRolloutOperation",
 "properties": {
-"customErrorResponsePolicy": {
-"$ref": "CustomErrorResponsePolicy",
-"description": "customErrorResponsePolicy specifies how the Load Balancer returns error responses when BackendServiceor BackendBucket responds with an error. If a policy for an error code is not configured for the PathRule, a policy for the error code configured in pathMatcher.defaultCustomErrorResponsePolicy is applied. If one is not specified in pathMatcher.defaultCustomErrorResponsePolicy, the policy configured in UrlMap.defaultCustomErrorResponsePolicy takes effect. For example, consider a UrlMap with the following configuration: - UrlMap.defaultCustomErrorResponsePolicy are configured with policies for 5xx and 4xx errors - A PathRule for /coming_soon/ is configured for the error code 404. If the request is for www.myotherdomain.com and a 404 is encountered, the policy under UrlMap.defaultCustomErrorResponsePolicy takes effect. If a 404 response is encountered for the request www.example.com/current_events/, the pathMatcher's policy takes effect. If however, the request for www.example.com/coming_soon/ encounters a 404, the policy in PathRule.customErrorResponsePolicy takes effect. If any of the requests in this example encounter a 500 error code, the policy at UrlMap.defaultCustomErrorResponsePolicy takes effect. customErrorResponsePolicy is supported only for global external Application Load Balancers."
-},
-"paths": {
-"description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.",
-"items": {
-"type": "string"
-},
-"type": "array"
-},
-"routeAction": {
-"$ref": "HttpRouteAction",
-"description": "In response to a matching path, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. Only one of urlRedirect, service or routeAction.weightedBackendService can be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path rule's routeAction."
-},
-"service": {
-"description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. Only one of urlRedirect, service or routeAction.weightedBackendService can be set.",
-"type": "string"
-},
-"urlRedirect": {
-"$ref": "HttpRedirectAction",
-"description": "When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. Only one of urlRedirect, service or routeAction.weightedBackendService can be set. Not supported when the URL map is bound to a target gRPC proxy."
+"rolloutInput": {
+"$ref": "PreviewFeatureRolloutOperationRolloutInput",
+"description": "Input only. The input for the rollout operation."
 }
 },
 "type": "object"
 },
-"PerInstanceConfig": {
-"id": "PerInstanceConfig",
+"PreviewFeatureRolloutOperationRolloutInput": {
+"description": "Represents the input for the rollout operation.",
+"id": "PreviewFeatureRolloutOperationRolloutInput",
 "properties": {
-"fingerprint": {
-"description": "Fingerprint of this per-instance config. This field can be used in optimistic locking. It is ignored when inserting a per-instance config. An up-to-date fingerprint must be provided in order to update an existing per-instance configuration or the field needs to be unset.",
-"format": "byte",
-"type": "string"
-},
 "name": {
-"description": "The name of a per-instance configuration and its corresponding instance. Serves as a merge key during UpdatePerInstanceConfigs operations, that is, if a per-instance configuration with the same name exists then it will be updated, otherwise a new one will be created for the VM instance with the same name. An attempt to create a per-instance configuration for a VM instance that either doesn't exist or is not part of the group will result in an error.",
+"description": "The name of the rollout plan Ex. organizations//locations/global/rolloutPlans/ Ex. folders//locations/global/rolloutPlans/ Ex. projects//locations/global/rolloutPlans/.",
 "type": "string"
 },
-"preservedState": {
-"$ref": "PreservedState",
-"description": "The intended preserved state for the given instance. Does not contain preserved state generated from a stateful policy."
-},
-"status": {
-"description": "The status of applying this per-instance configuration on the corresponding managed instance.",
+"predefinedRolloutPlan": {
+"description": "Predefined rollout plan.",
 "enum": [
-"APPLYING",
-"DELETING",
-"EFFECTIVE",
-"NONE",
-"UNAPPLIED",
-"UNAPPLIED_DELETION"
+"ROLLOUT_PLAN_FAST_ROLLOUT",
+"ROLLOUT_PLAN_TWO_DAY_ROLLOUT",
+"ROLLOUT_PLAN_UNSPECIFIED"
 ],
 "enumDescriptions": [
-"The per-instance configuration is being applied to the instance, but is not yet effective, possibly waiting for the instance to, for example, REFRESH.",
-"The per-instance configuration deletion is being applied on the instance, possibly waiting for the instance to, for example, REFRESH.",
-"The per-instance configuration is effective on the instance, meaning that all disks, ips and metadata specified in this configuration are attached or set on the instance.",
-"*[Default]* The default status, when no per-instance configuration exists.",
-"The per-instance configuration is set on an instance but not been applied yet.",
-"The per-instance configuration has been deleted, but the deletion is not yet applied."
+"",
+"",
+""
 ],
 "type": "string"
 }
 },
 "type": "object"
 },
-"Policy": {
-"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
-"id": "Policy",
+"PreviewFeatureStatus": {
+"description": "[Output Only] The status of the feature.",
+"id": "PreviewFeatureStatus",
 "properties": {
-"auditConfigs": {
-"description": "Specifies cloud audit logging configuration for this policy.",
-"items": {
-"$ref": "AuditConfig"
-},
-"type": "array"
-},
-"bindings": {
-"description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
-"items": {
-"$ref": "Binding"
-},
-"type": "array"
-},
-"etag": {
-"description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
-"format": "byte",
+"description": {
+"description": "[Output Only] The description of the feature.",
 "type": "string"
 },
-"version": {
-"description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
-"format": "int32",
-"type": "integer"
-}
-},
-"type": "object"
-},
-"PreconfiguredWafSet": {
-"id": "PreconfiguredWafSet",
-"properties": {
-"expressionSets": {
-"description": "List of entities that are currently supported for WAF rules.",
-"items": {
-"$ref": "WafExpressionSet"
-},
-"type": "array"
-}
-},
-"type": "object"
-},
-"PreservedState": {
-"description": "Preserved state for a given instance.",
-"id": "PreservedState",
-"properties": {
-"disks": {
-"additionalProperties": {
-"$ref": "PreservedStatePreservedDisk"
-},
-"description": "Preserved disks defined for this instance. This map is keyed with the device names of the disks.",
-"type": "object"
-},
-"externalIPs": {
-"additionalProperties": {
-"$ref": "PreservedStatePreservedNetworkIp"
-},
-"description": "Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.",
-"type": "object"
-},
-"internalIPs": {
-"additionalProperties": {
-"$ref": "PreservedStatePreservedNetworkIp"
-},
-"description": "Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.",
-"type": "object"
-},
-"metadata": {
-"additionalProperties": {
+"helpLink": {
+"description": "[Output Only] Link to the public documentation for the feature.",
 "type": "string"
 },
-"description": "Preserved metadata defined for this instance.",
-"type": "object"
+"releaseStatus": {
+"$ref": "PreviewFeatureStatusReleaseStatus"
 }
 },
 "type": "object"
 },
-"PreservedStatePreservedDisk": {
-"id": "PreservedStatePreservedDisk",
+"PreviewFeatureStatusReleaseStatus": {
+"description": "[Output Only] The release status of the feature.",
+"id": "PreviewFeatureStatusReleaseStatus",
 "properties": {
-"autoDelete": {
-"description": "These stateful disks will never be deleted during autohealing, update, instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole MIG is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted.",
+"stage": {
+"description": "[Output Only] The stage of the feature.",
 "enum": [
-"NEVER",
-"ON_PERMANENT_INSTANCE_DELETION"
+"DEPRECATED",
+"GA",
+"PREVIEW",
+"STAGE_UNSPECIFIED"
 ],
 "enumDescriptions": [
 "",
-""
-],
-"type": "string"
-},
-"mode": {
-"description": "The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.",
-"enum": [
-"READ_ONLY",
-"READ_WRITE"
-],
-"enumDescriptions": [
-"Attaches this disk in read-only mode. Multiple VM instances can use a disk in READ_ONLY mode at a time.",
-"*[Default]* Attaches this disk in READ_WRITE mode. Only one VM instance at a time can be attached to a disk in READ_WRITE mode."
-],
-"type": "string"
-},
-"source": {
-"description": "The URL of the disk resource that is stateful and should be attached to the VM instance.",
-"type": "string"
-}
-},
-"type": "object"
-},
-"PreservedStatePreservedNetworkIp": {
-"id": "PreservedStatePreservedNetworkIp",
-"properties": {
-"autoDelete": {
-"description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted.",
-"enum": [
-"NEVER",
-"ON_PERMANENT_INSTANCE_DELETION"
-],
-"enumDescriptions": [
+"",
 "",
 ""
 ],
 "type": "string"
 },
-"ipAddress": {
-"$ref": "PreservedStatePreservedNetworkIpIpAddress",
-"description": "Ip address representation"
-}
-},
-"type": "object"
-},
-"PreservedStatePreservedNetworkIpIpAddress": {
-"id": "PreservedStatePreservedNetworkIpIpAddress",
-"properties": {
-"address": {
-"description": "The URL of the reservation for this IP address.",
-"type": "string"
-},
-"literal": {
-"description": "An IPv4 internal network address to assign to the instance for this network interface.",
-"type": "string"
+"updateDate": {
+"$ref": "Date",
+"description": "Output only. The last date when a feature transitioned between ReleaseStatuses.",
+"readOnly": true
 }
 },
 "type": "object"
@@ -75439,6 +76597,72 @@ false
 },
 "type": "object"
 },
+"ReservationSubBlocksReportFaultyRequest": {
+"id": "ReservationSubBlocksReportFaultyRequest",
+"properties": {
+"disruptionSchedule": {
+"description": "The disruption schedule for the subBlock.",
+"enum": [
+"DISRUPTION_SCHEDULE_UNSPECIFIED",
+"IMMEDIATE"
+],
+"enumDescriptions": [
+"",
+"All VMs will be disrupted immediately."
+],
+"type": "string"
+},
+"failureComponent": {
+"description": "The component that experienced the fault.",
+"enum": [
+"FAILURE_COMPONENT_UNSPECIFIED",
+"MULTIPLE_FAULTY_HOSTS",
+"NVLINK_SWITCH"
+],
+"enumDescriptions": [
+"",
+"Multiple hosts experienced the fault.",
+"The NVLink switch experienced the fault."
+],
+"type": "string"
+},
+"faultReasons": {
+"description": "The reasons for the fault experienced with the subBlock.",
+"items": {
+"$ref": "ReservationSubBlocksReportFaultyRequestFaultReason"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"ReservationSubBlocksReportFaultyRequestFaultReason": {
+"description": "The reason for the fault experienced with the subBlock.",
+"id": "ReservationSubBlocksReportFaultyRequestFaultReason",
+"properties": {
+"behavior": {
+"description": "The behavior of the fault experienced with the subBlock.",
+"enum": [
+"FAULT_BEHAVIOR_UNSPECIFIED",
+"GPU_ERROR",
+"PERFORMANCE",
+"SWITCH_FAILURE"
+],
+"enumDescriptions": [
+"",
+"The subBlock experienced a GPU error.",
+"The subBlock experienced performance issues.",
+"The subBlock experienced a switch failure."
+],
+"type": "string"
+},
+"description": {
+"description": "The description of the fault experienced with the subBlock.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ReservationsBlocksPerformMaintenanceRequest": {
 "id": "ReservationsBlocksPerformMaintenanceRequest",
 "properties": {
@@ -79761,6 +80985,13 @@ false
 "advancedOptionsConfig": {
 "$ref": "SecurityPolicyAdvancedOptionsConfig"
 },
+"associations": {
+"description": "A list of associations that belong to this policy.",
+"items": {
+"$ref": "SecurityPolicyAssociation"
+},
+"type": "array"
+},
 "creationTimestamp": {
 "description": "[Output Only] Creation timestamp in RFC3339 text format.",
 "type": "string"
@@ -79822,6 +81053,11 @@ false
 "description": "[Output Only] Server-defined URL for the resource.",
 "type": "string"
 },
+"shortName": {
+"description": "User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR. The name must be 1-63 characters long, and comply with https://www.ietf.org/rfc/rfc1035.txt. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
+"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
+"type": "string"
+},
 "type": {
 "description": "The type indicates the intended use of the security policy. - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache. - CLOUD_ARMOR_INTERNAL_SERVICE (preview only): Cloud Armor internal service policies can be configured to filter HTTP requests targeting services managed by Traffic Director in a service mesh. They filter requests before the request is served from the application. - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application. This field can be set only at resource creation time.",
 "enum": [
@@ -80016,6 +81252,47 @@ false
 },
 "type": "object"
 },
+"SecurityPolicyAssociation": {
+"id": "SecurityPolicyAssociation",
+"properties": {
+"attachmentId": {
+"description": "The resource that the security policy is attached to.",
+"type": "string"
+},
+"displayName": {
+"deprecated": true,
+"description": "[Output Only] The display name of the security policy of the association.",
+"type": "string"
+},
+"excludedFolders": {
+"description": "A list of folders to exclude from the security policy.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"excludedProjects": {
+"description": "A list of projects to exclude from the security policy.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"name": {
+"description": "The name for an association.",
+"type": "string"
+},
+"securityPolicyId": {
+"description": "[Output Only] The security policy ID of the association.",
+"type": "string"
+},
+"shortName": {
+"description": "[Output Only] The short name of the security policy of the association.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "SecurityPolicyDdosProtectionConfig": {
 "id": "SecurityPolicyDdosProtectionConfig",
 "properties": {
@@ -81627,7 +82904,7 @@ false
 "type": "object"
 },
 "Snapshot": {
-"description": "Represents a Persistent Disk Snapshot resource. You can use snapshots to back up data on a regular interval. For more information, read Creating persistent disk snapshots. LINT.IfChange",
+"description": "Represents a Persistent Disk Snapshot resource. You can use snapshots to back up data on a regular interval. For more information, read Creating persistent disk snapshots.",
 "id": "Snapshot",
 "properties": {
 "architecture": {
@@ -81742,6 +83019,10 @@ false
 "pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
 "type": "string"
 },
+"params": {
+"$ref": "SnapshotParams",
+"description": "Input only. [Input Only] Additional params passed with the request, but not persisted as part of resource payload."
+},
 "satisfiesPzi": {
 "description": "Output only. Reserved for future use.",
 "readOnly": true,
@@ -82007,6 +83288,20 @@ false
 },
 "type": "object"
 },
+"SnapshotParams": {
+"description": "Additional snapshot params.",
+"id": "SnapshotParams",
+"properties": {
+"resourceManagerTags": {
+"additionalProperties": {
+"type": "string"
+},
+"description": "Resource manager tags to be bound to the snapshot. Tag keys and values have the same definition as resource manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and values are in the format `tagValues/456`. The field is ignored (both PUT & PATCH) when empty.",
+"type": "object"
+}
+},
+"type": "object"
+},
 "SnapshotSettings": {
 "id": "SnapshotSettings",
 "properties": {