docs: update docs (#916)

* fix: re-run script

* test: fix noxfile
diff --git a/docs/dyn/secretmanager_v1.projects.secrets.html b/docs/dyn/secretmanager_v1.projects.secrets.html
index 76eebe3..383fad4 100644
--- a/docs/dyn/secretmanager_v1.projects.secrets.html
+++ b/docs/dyn/secretmanager_v1.projects.secrets.html
@@ -165,6 +165,7 @@
     # 
     # A Secret is made up of zero or more SecretVersions that
     # represent the secret data.
+  "name": "A String", # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
   "replication": { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
       # 
       # The replication policy cannot be changed after the Secret has been created.
@@ -197,7 +198,6 @@
       # No more than 64 labels can be assigned to a given resource.
     "a_key": "A String",
   },
-  "name": "A String", # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
 }
 
   secretId: string, Required. This must be unique within the project.
@@ -218,6 +218,7 @@
       #
       # A Secret is made up of zero or more SecretVersions that
       # represent the secret data.
+    "name": "A String", # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
     "replication": { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
         #
         # The replication policy cannot be changed after the Secret has been created.
@@ -250,7 +251,6 @@
         # No more than 64 labels can be assigned to a given resource.
       "a_key": "A String",
     },
-    "name": "A String", # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
   }</pre>
 </div>
 
@@ -300,6 +300,7 @@
       #
       # A Secret is made up of zero or more SecretVersions that
       # represent the secret data.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
     &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
         #
         # The replication policy cannot be changed after the Secret has been created.
@@ -332,7 +333,6 @@
         # No more than 64 labels can be assigned to a given resource.
       &quot;a_key&quot;: &quot;A String&quot;,
     },
-    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
   }</pre>
 </div>
 
@@ -431,6 +431,147 @@
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
+        # `condition` that determines how and when the `bindings` are applied. Each
+        # of the `bindings` must contain at least one member.
+      { # Associates `members` with a `role`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+            # are documented at https://github.com/google/cel-spec.
+            #
+            # Example (Comparison):
+            #
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
+            #
+            # Example (Equality):
+            #
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
+            #
+            # Example (Logic):
+            #
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+            #
+            # Example (Data Manipulation):
+            #
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+            #
+            # The exact variables and functions that may be referenced within an expression
+            # are determined by the service that evaluates it. See the service
+            # documentation for additional information.
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+              # its purpose. This can be used e.g. in UIs which allow to enter the
+              # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
+        },
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
+            # `members` can have the following values:
+            #
+            # * `allUsers`: A special identifier that represents anyone who is
+            #    on the internet; with or without a Google account.
+            #
+            # * `allAuthenticatedUsers`: A special identifier that represents anyone
+            #    who is authenticated with a Google account or a service account.
+            #
+            # * `user:{emailid}`: An email address that represents a specific Google
+            #    account. For example, `alice@example.com` .
+            #
+            #
+            # * `serviceAccount:{emailid}`: An email address that represents a service
+            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
+            #
+            # * `group:{emailid}`: An email address that represents a Google group.
+            #    For example, `admins@example.com`.
+            #
+            # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+            #    identifier) representing a user that has been recently deleted. For
+            #    example, `alice@example.com?uid=123456789012345678901`. If the user is
+            #    recovered, this value reverts to `user:{emailid}` and the recovered user
+            #    retains the role in the binding.
+            #
+            # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+            #    unique identifier) representing a service account that has been recently
+            #    deleted. For example,
+            #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+            #    If the service account is undeleted, this value reverts to
+            #    `serviceAccount:{emailid}` and the undeleted service account retains the
+            #    role in the binding.
+            #
+            # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+            #    identifier) representing a Google group that has been recently
+            #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+            #    the group is recovered, this value reverts to `group:{emailid}` and the
+            #    recovered group retains the role in the binding.
+            #
+            #
+            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+            #    users of that domain. For example, `google.com` or `example.com`.
+            #
+          &quot;A String&quot;,
+        ],
+      },
+    ],
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
     &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service.
           # The configuration determines which permission types are logged, and what
@@ -516,147 +657,6 @@
         ],
       },
     ],
-    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
-        # `condition` that determines how and when the `bindings` are applied. Each
-        # of the `bindings` must contain at least one member.
-      { # Associates `members` with a `role`.
-        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
-            # `members` can have the following values:
-            #
-            # * `allUsers`: A special identifier that represents anyone who is
-            #    on the internet; with or without a Google account.
-            #
-            # * `allAuthenticatedUsers`: A special identifier that represents anyone
-            #    who is authenticated with a Google account or a service account.
-            #
-            # * `user:{emailid}`: An email address that represents a specific Google
-            #    account. For example, `alice@example.com` .
-            #
-            #
-            # * `serviceAccount:{emailid}`: An email address that represents a service
-            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-            #
-            # * `group:{emailid}`: An email address that represents a Google group.
-            #    For example, `admins@example.com`.
-            #
-            # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
-            #    identifier) representing a user that has been recently deleted. For
-            #    example, `alice@example.com?uid=123456789012345678901`. If the user is
-            #    recovered, this value reverts to `user:{emailid}` and the recovered user
-            #    retains the role in the binding.
-            #
-            # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
-            #    unique identifier) representing a service account that has been recently
-            #    deleted. For example,
-            #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
-            #    If the service account is undeleted, this value reverts to
-            #    `serviceAccount:{emailid}` and the undeleted service account retains the
-            #    role in the binding.
-            #
-            # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
-            #    identifier) representing a Google group that has been recently
-            #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
-            #    the group is recovered, this value reverts to `group:{emailid}` and the
-            #    recovered group retains the role in the binding.
-            #
-            #
-            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
-            #    users of that domain. For example, `google.com` or `example.com`.
-            #
-          &quot;A String&quot;,
-        ],
-        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            #
-            # If the condition evaluates to `true`, then this binding applies to the
-            # current request.
-            #
-            # If the condition evaluates to `false`, then this binding does not apply to
-            # the current request. However, a different role binding might grant the same
-            # role to one or more of the members in this binding.
-            #
-            # To learn which resources support conditions in their IAM policies, see the
-            # [IAM
-            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-            # are documented at https://github.com/google/cel-spec.
-            #
-            # Example (Comparison):
-            #
-            #     title: &quot;Summary size limit&quot;
-            #     description: &quot;Determines if a summary is less than 100 chars&quot;
-            #     expression: &quot;document.summary.size() &lt; 100&quot;
-            #
-            # Example (Equality):
-            #
-            #     title: &quot;Requestor is owner&quot;
-            #     description: &quot;Determines if requestor is the document owner&quot;
-            #     expression: &quot;document.owner == request.auth.claims.email&quot;
-            #
-            # Example (Logic):
-            #
-            #     title: &quot;Public documents&quot;
-            #     description: &quot;Determine whether the document should be publicly visible&quot;
-            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
-            #
-            # Example (Data Manipulation):
-            #
-            #     title: &quot;Notification string&quot;
-            #     description: &quot;Create a notification string with a timestamp.&quot;
-            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
-            #
-            # The exact variables and functions that may be referenced within an expression
-            # are determined by the service that evaluates it. See the service
-            # documentation for additional information.
-          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-              # syntax.
-          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
-              # its purpose. This can be used e.g. in UIs which allow to enter the
-              # expression.
-          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-        },
-      },
-    ],
-    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-    &quot;version&quot;: 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
-        #
-        # To learn which resources support conditions in their IAM policies, see the
-        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   }</pre>
 </div>
 
@@ -681,7 +681,6 @@
   An object of the form:
 
     { # Response message for SecretManagerService.ListSecrets.
-    &quot;totalSize&quot;: 42, # The total number of Secrets.
     &quot;secrets&quot;: [ # The list of Secrets sorted in reverse by create_time (newest
         # first).
       { # A Secret is a logical secret whose value and versions can
@@ -689,6 +688,7 @@
           #
           # A Secret is made up of zero or more SecretVersions that
           # represent the secret data.
+        &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
         &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
             #
             # The replication policy cannot be changed after the Secret has been created.
@@ -721,11 +721,11 @@
             # No more than 64 labels can be assigned to a given resource.
           &quot;a_key&quot;: &quot;A String&quot;,
         },
-        &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
       },
     ],
     &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve the next page of results. Pass this value in
         # ListSecretsRequest.page_token to retrieve the next page.
+    &quot;totalSize&quot;: 42, # The total number of Secrets.
   }</pre>
 </div>
 
@@ -757,6 +757,7 @@
     # 
     # A Secret is made up of zero or more SecretVersions that
     # represent the secret data.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
   &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
       # 
       # The replication policy cannot be changed after the Secret has been created.
@@ -789,7 +790,6 @@
       # No more than 64 labels can be assigned to a given resource.
     &quot;a_key&quot;: &quot;A String&quot;,
   },
-  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
 }
 
   updateMask: string, Required. Specifies the fields to be updated.
@@ -806,6 +806,7 @@
       #
       # A Secret is made up of zero or more SecretVersions that
       # represent the secret data.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
     &quot;replication&quot;: { # A policy that defines the replication configuration of data. # Required. Immutable. The replication policy of the secret data attached to the Secret.
         #
         # The replication policy cannot be changed after the Secret has been created.
@@ -838,7 +839,6 @@
         # No more than 64 labels can be assigned to a given resource.
       &quot;a_key&quot;: &quot;A String&quot;,
     },
-    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Secret in the format `projects/*/secrets/*`.
   }</pre>
 </div>
 
@@ -927,6 +927,147 @@
         #
         # For a description of IAM and its features, see the
         # [IAM documentation](https://cloud.google.com/iam/docs/).
+      &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
+          # `condition` that determines how and when the `bindings` are applied. Each
+          # of the `bindings` must contain at least one member.
+        { # Associates `members` with a `role`.
+          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+          &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+              #
+              # If the condition evaluates to `true`, then this binding applies to the
+              # current request.
+              #
+              # If the condition evaluates to `false`, then this binding does not apply to
+              # the current request. However, a different role binding might grant the same
+              # role to one or more of the members in this binding.
+              #
+              # To learn which resources support conditions in their IAM policies, see the
+              # [IAM
+              # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+              # are documented at https://github.com/google/cel-spec.
+              #
+              # Example (Comparison):
+              #
+              #     title: &quot;Summary size limit&quot;
+              #     description: &quot;Determines if a summary is less than 100 chars&quot;
+              #     expression: &quot;document.summary.size() &lt; 100&quot;
+              #
+              # Example (Equality):
+              #
+              #     title: &quot;Requestor is owner&quot;
+              #     description: &quot;Determines if requestor is the document owner&quot;
+              #     expression: &quot;document.owner == request.auth.claims.email&quot;
+              #
+              # Example (Logic):
+              #
+              #     title: &quot;Public documents&quot;
+              #     description: &quot;Determine whether the document should be publicly visible&quot;
+              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+              #
+              # Example (Data Manipulation):
+              #
+              #     title: &quot;Notification string&quot;
+              #     description: &quot;Create a notification string with a timestamp.&quot;
+              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+              #
+              # The exact variables and functions that may be referenced within an expression
+              # are determined by the service that evaluates it. See the service
+              # documentation for additional information.
+            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+                # its purpose. This can be used e.g. in UIs which allow to enter the
+                # expression.
+            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+                # reporting, e.g. a file name and a position in the file.
+            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+                # describes the expression, e.g. when hovered over it in a UI.
+            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+                # syntax.
+          },
+          &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
+              # `members` can have the following values:
+              #
+              # * `allUsers`: A special identifier that represents anyone who is
+              #    on the internet; with or without a Google account.
+              #
+              # * `allAuthenticatedUsers`: A special identifier that represents anyone
+              #    who is authenticated with a Google account or a service account.
+              #
+              # * `user:{emailid}`: An email address that represents a specific Google
+              #    account. For example, `alice@example.com` .
+              #
+              #
+              # * `serviceAccount:{emailid}`: An email address that represents a service
+              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
+              #
+              # * `group:{emailid}`: An email address that represents a Google group.
+              #    For example, `admins@example.com`.
+              #
+              # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+              #    identifier) representing a user that has been recently deleted. For
+              #    example, `alice@example.com?uid=123456789012345678901`. If the user is
+              #    recovered, this value reverts to `user:{emailid}` and the recovered user
+              #    retains the role in the binding.
+              #
+              # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+              #    unique identifier) representing a service account that has been recently
+              #    deleted. For example,
+              #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+              #    If the service account is undeleted, this value reverts to
+              #    `serviceAccount:{emailid}` and the undeleted service account retains the
+              #    role in the binding.
+              #
+              # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+              #    identifier) representing a Google group that has been recently
+              #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+              #    the group is recovered, this value reverts to `group:{emailid}` and the
+              #    recovered group retains the role in the binding.
+              #
+              #
+              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+              #    users of that domain. For example, `google.com` or `example.com`.
+              #
+            &quot;A String&quot;,
+          ],
+        },
+      ],
+      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+          # prevent simultaneous updates of a policy from overwriting each other.
+          # It is strongly suggested that systems make use of the `etag` in the
+          # read-modify-write cycle to perform policy updates in order to avoid race
+          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+          # systems are expected to put that etag in the request to `setIamPolicy` to
+          # ensure that their change will be applied to the same version of the policy.
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+      &quot;version&quot;: 42, # Specifies the format of the policy.
+          #
+          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+          # are rejected.
+          #
+          # Any operation that affects conditional role bindings must specify version
+          # `3`. This requirement applies to the following operations:
+          #
+          # * Getting a policy that includes a conditional role binding
+          # * Adding a conditional role binding to a policy
+          # * Changing a conditional role binding in a policy
+          # * Removing any role binding, with or without a condition, from a policy
+          #   that includes conditions
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+          #
+          # If a policy does not include any conditions, operations on that policy may
+          # specify any valid version or leave the field unset.
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
         { # Specifies the audit configuration for a service.
             # The configuration determines which permission types are logged, and what
@@ -1012,147 +1153,6 @@
           ],
         },
       ],
-      &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
-          # `condition` that determines how and when the `bindings` are applied. Each
-          # of the `bindings` must contain at least one member.
-        { # Associates `members` with a `role`.
-          &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
-              # `members` can have the following values:
-              #
-              # * `allUsers`: A special identifier that represents anyone who is
-              #    on the internet; with or without a Google account.
-              #
-              # * `allAuthenticatedUsers`: A special identifier that represents anyone
-              #    who is authenticated with a Google account or a service account.
-              #
-              # * `user:{emailid}`: An email address that represents a specific Google
-              #    account. For example, `alice@example.com` .
-              #
-              #
-              # * `serviceAccount:{emailid}`: An email address that represents a service
-              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-              #
-              # * `group:{emailid}`: An email address that represents a Google group.
-              #    For example, `admins@example.com`.
-              #
-              # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
-              #    identifier) representing a user that has been recently deleted. For
-              #    example, `alice@example.com?uid=123456789012345678901`. If the user is
-              #    recovered, this value reverts to `user:{emailid}` and the recovered user
-              #    retains the role in the binding.
-              #
-              # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
-              #    unique identifier) representing a service account that has been recently
-              #    deleted. For example,
-              #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
-              #    If the service account is undeleted, this value reverts to
-              #    `serviceAccount:{emailid}` and the undeleted service account retains the
-              #    role in the binding.
-              #
-              # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
-              #    identifier) representing a Google group that has been recently
-              #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
-              #    the group is recovered, this value reverts to `group:{emailid}` and the
-              #    recovered group retains the role in the binding.
-              #
-              #
-              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
-              #    users of that domain. For example, `google.com` or `example.com`.
-              #
-            &quot;A String&quot;,
-          ],
-          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-          &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-              #
-              # If the condition evaluates to `true`, then this binding applies to the
-              # current request.
-              #
-              # If the condition evaluates to `false`, then this binding does not apply to
-              # the current request. However, a different role binding might grant the same
-              # role to one or more of the members in this binding.
-              #
-              # To learn which resources support conditions in their IAM policies, see the
-              # [IAM
-              # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-              # are documented at https://github.com/google/cel-spec.
-              #
-              # Example (Comparison):
-              #
-              #     title: &quot;Summary size limit&quot;
-              #     description: &quot;Determines if a summary is less than 100 chars&quot;
-              #     expression: &quot;document.summary.size() &lt; 100&quot;
-              #
-              # Example (Equality):
-              #
-              #     title: &quot;Requestor is owner&quot;
-              #     description: &quot;Determines if requestor is the document owner&quot;
-              #     expression: &quot;document.owner == request.auth.claims.email&quot;
-              #
-              # Example (Logic):
-              #
-              #     title: &quot;Public documents&quot;
-              #     description: &quot;Determine whether the document should be publicly visible&quot;
-              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
-              #
-              # Example (Data Manipulation):
-              #
-              #     title: &quot;Notification string&quot;
-              #     description: &quot;Create a notification string with a timestamp.&quot;
-              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
-              #
-              # The exact variables and functions that may be referenced within an expression
-              # are determined by the service that evaluates it. See the service
-              # documentation for additional information.
-            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
-                # describes the expression, e.g. when hovered over it in a UI.
-            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-                # syntax.
-            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
-                # its purpose. This can be used e.g. in UIs which allow to enter the
-                # expression.
-            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
-                # reporting, e.g. a file name and a position in the file.
-          },
-        },
-      ],
-      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-          # prevent simultaneous updates of a policy from overwriting each other.
-          # It is strongly suggested that systems make use of the `etag` in the
-          # read-modify-write cycle to perform policy updates in order to avoid race
-          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-          # systems are expected to put that etag in the request to `setIamPolicy` to
-          # ensure that their change will be applied to the same version of the policy.
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
-      &quot;version&quot;: 42, # Specifies the format of the policy.
-          #
-          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-          # are rejected.
-          #
-          # Any operation that affects conditional role bindings must specify version
-          # `3`. This requirement applies to the following operations:
-          #
-          # * Getting a policy that includes a conditional role binding
-          # * Adding a conditional role binding to a policy
-          # * Changing a conditional role binding in a policy
-          # * Removing any role binding, with or without a condition, from a policy
-          #   that includes conditions
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
-          #
-          # If a policy does not include any conditions, operations on that policy may
-          # specify any valid version or leave the field unset.
-          #
-          # To learn which resources support conditions in their IAM policies, see the
-          # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
     },
     &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
         # the fields in the mask will be modified. If no mask is provided, the
@@ -1236,6 +1236,147 @@
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
+        # `condition` that determines how and when the `bindings` are applied. Each
+        # of the `bindings` must contain at least one member.
+      { # Associates `members` with a `role`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+            # are documented at https://github.com/google/cel-spec.
+            #
+            # Example (Comparison):
+            #
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
+            #
+            # Example (Equality):
+            #
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
+            #
+            # Example (Logic):
+            #
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+            #
+            # Example (Data Manipulation):
+            #
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+            #
+            # The exact variables and functions that may be referenced within an expression
+            # are determined by the service that evaluates it. See the service
+            # documentation for additional information.
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+              # its purpose. This can be used e.g. in UIs which allow to enter the
+              # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
+        },
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
+            # `members` can have the following values:
+            #
+            # * `allUsers`: A special identifier that represents anyone who is
+            #    on the internet; with or without a Google account.
+            #
+            # * `allAuthenticatedUsers`: A special identifier that represents anyone
+            #    who is authenticated with a Google account or a service account.
+            #
+            # * `user:{emailid}`: An email address that represents a specific Google
+            #    account. For example, `alice@example.com` .
+            #
+            #
+            # * `serviceAccount:{emailid}`: An email address that represents a service
+            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
+            #
+            # * `group:{emailid}`: An email address that represents a Google group.
+            #    For example, `admins@example.com`.
+            #
+            # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
+            #    identifier) representing a user that has been recently deleted. For
+            #    example, `alice@example.com?uid=123456789012345678901`. If the user is
+            #    recovered, this value reverts to `user:{emailid}` and the recovered user
+            #    retains the role in the binding.
+            #
+            # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
+            #    unique identifier) representing a service account that has been recently
+            #    deleted. For example,
+            #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+            #    If the service account is undeleted, this value reverts to
+            #    `serviceAccount:{emailid}` and the undeleted service account retains the
+            #    role in the binding.
+            #
+            # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
+            #    identifier) representing a Google group that has been recently
+            #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
+            #    the group is recovered, this value reverts to `group:{emailid}` and the
+            #    recovered group retains the role in the binding.
+            #
+            #
+            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
+            #    users of that domain. For example, `google.com` or `example.com`.
+            #
+          &quot;A String&quot;,
+        ],
+      },
+    ],
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
     &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service.
           # The configuration determines which permission types are logged, and what
@@ -1321,147 +1462,6 @@
         ],
       },
     ],
-    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
-        # `condition` that determines how and when the `bindings` are applied. Each
-        # of the `bindings` must contain at least one member.
-      { # Associates `members` with a `role`.
-        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
-            # `members` can have the following values:
-            #
-            # * `allUsers`: A special identifier that represents anyone who is
-            #    on the internet; with or without a Google account.
-            #
-            # * `allAuthenticatedUsers`: A special identifier that represents anyone
-            #    who is authenticated with a Google account or a service account.
-            #
-            # * `user:{emailid}`: An email address that represents a specific Google
-            #    account. For example, `alice@example.com` .
-            #
-            #
-            # * `serviceAccount:{emailid}`: An email address that represents a service
-            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
-            #
-            # * `group:{emailid}`: An email address that represents a Google group.
-            #    For example, `admins@example.com`.
-            #
-            # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
-            #    identifier) representing a user that has been recently deleted. For
-            #    example, `alice@example.com?uid=123456789012345678901`. If the user is
-            #    recovered, this value reverts to `user:{emailid}` and the recovered user
-            #    retains the role in the binding.
-            #
-            # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
-            #    unique identifier) representing a service account that has been recently
-            #    deleted. For example,
-            #    `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
-            #    If the service account is undeleted, this value reverts to
-            #    `serviceAccount:{emailid}` and the undeleted service account retains the
-            #    role in the binding.
-            #
-            # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
-            #    identifier) representing a Google group that has been recently
-            #    deleted. For example, `admins@example.com?uid=123456789012345678901`. If
-            #    the group is recovered, this value reverts to `group:{emailid}` and the
-            #    recovered group retains the role in the binding.
-            #
-            #
-            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
-            #    users of that domain. For example, `google.com` or `example.com`.
-            #
-          &quot;A String&quot;,
-        ],
-        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            #
-            # If the condition evaluates to `true`, then this binding applies to the
-            # current request.
-            #
-            # If the condition evaluates to `false`, then this binding does not apply to
-            # the current request. However, a different role binding might grant the same
-            # role to one or more of the members in this binding.
-            #
-            # To learn which resources support conditions in their IAM policies, see the
-            # [IAM
-            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-            # are documented at https://github.com/google/cel-spec.
-            #
-            # Example (Comparison):
-            #
-            #     title: &quot;Summary size limit&quot;
-            #     description: &quot;Determines if a summary is less than 100 chars&quot;
-            #     expression: &quot;document.summary.size() &lt; 100&quot;
-            #
-            # Example (Equality):
-            #
-            #     title: &quot;Requestor is owner&quot;
-            #     description: &quot;Determines if requestor is the document owner&quot;
-            #     expression: &quot;document.owner == request.auth.claims.email&quot;
-            #
-            # Example (Logic):
-            #
-            #     title: &quot;Public documents&quot;
-            #     description: &quot;Determine whether the document should be publicly visible&quot;
-            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
-            #
-            # Example (Data Manipulation):
-            #
-            #     title: &quot;Notification string&quot;
-            #     description: &quot;Create a notification string with a timestamp.&quot;
-            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
-            #
-            # The exact variables and functions that may be referenced within an expression
-            # are determined by the service that evaluates it. See the service
-            # documentation for additional information.
-          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-              # syntax.
-          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
-              # its purpose. This can be used e.g. in UIs which allow to enter the
-              # expression.
-          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-        },
-      },
-    ],
-    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-    &quot;version&quot;: 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
-        #
-        # To learn which resources support conditions in their IAM policies, see the
-        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   }</pre>
 </div>