docs: docs update (#911)

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code!  That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)

Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
index 15b72f9..c50b1e1 100644
--- a/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
+++ b/docs/dyn/cloudkms_v1.projects.locations.keyRings.html
@@ -94,7 +94,7 @@
   <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets the access control policy for a resource.</p>
 <p class="toc_element">
-  <code><a href="#list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p>
+  <code><a href="#list">list(parent, pageToken=None, orderBy=None, pageSize=None, filter=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Lists KeyRings.</p>
 <p class="toc_element">
   <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -117,9 +117,9 @@
     The object takes the form of:
 
 { # A KeyRing is a toplevel logical grouping of CryptoKeys.
-  "createTime": "A String", # Output only. The time at which this KeyRing was created.
-  "name": "A String", # Output only. The resource name for the KeyRing in the format
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the KeyRing in the format
       # `projects/*/locations/*/keyRings/*`.
+  &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this KeyRing was created.
 }
 
   keyRingId: string, Required. It must be unique within a location and match the regular
@@ -133,9 +133,9 @@
   An object of the form:
 
     { # A KeyRing is a toplevel logical grouping of CryptoKeys.
-    "createTime": "A String", # Output only. The time at which this KeyRing was created.
-    "name": "A String", # Output only. The resource name for the KeyRing in the format
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the KeyRing in the format
         # `projects/*/locations/*/keyRings/*`.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this KeyRing was created.
   }</pre>
 </div>
 
@@ -154,9 +154,9 @@
   An object of the form:
 
     { # A KeyRing is a toplevel logical grouping of CryptoKeys.
-    "createTime": "A String", # Output only. The time at which this KeyRing was created.
-    "name": "A String", # Output only. The resource name for the KeyRing in the format
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the KeyRing in the format
         # `projects/*/locations/*/keyRings/*`.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this KeyRing was created.
   }</pre>
 </div>
 
@@ -177,6 +177,10 @@
 Requests for policies with any conditional bindings must specify version 3.
 Policies without any conditional bindings may specify any valid value or
 leave the field unset.
+
+To learn which resources support conditions in their IAM policies, see the
+[IAM
+documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -195,36 +199,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -242,63 +250,126 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
-            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-            # are documented at https://github.com/google/cel-spec.
-            #
-            # Example (Comparison):
-            #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
-            #
-            # Example (Equality):
-            #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
-            #
-            # Example (Logic):
-            #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
-            #
-            # Example (Data Manipulation):
-            #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
-            #
-            # The exact variables and functions that may be referenced within an expression
-            # are determined by the service that evaluates it. See the service
-            # documentation for additional information.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
-              # its purpose. This can be used e.g. in UIs which allow to enter the
-              # expression.
-        },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -341,96 +412,65 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+            # are documented at https://github.com/google/cel-spec.
+            #
+            # Example (Comparison):
+            #
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
+            #
+            # Example (Equality):
+            #
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
+            #
+            # Example (Logic):
+            #
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+            #
+            # Example (Data Manipulation):
+            #
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+            #
+            # The exact variables and functions that may be referenced within an expression
+            # are determined by the service that evaluates it. See the service
+            # documentation for additional information.
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+              # its purpose. This can be used e.g. in UIs which allow to enter the
+              # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
+        },
       },
     ],
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
         # prevent simultaneous updates of a policy from overwriting each other.
         # It is strongly suggested that systems make use of the `etag` in the
         # read-modify-write cycle to perform policy updates in order to avoid race
@@ -442,37 +482,18 @@
         # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
         # you to overwrite a version `3` policy with a version `1` policy, and all of
         # the conditions in the version `3` policy are lost.
-    "version": 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
   }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code>
+    <code class="details" id="list">list(parent, pageToken=None, orderBy=None, pageSize=None, filter=None, x__xgafv=None)</code>
   <pre>Lists KeyRings.
 
 Args:
   parent: string, Required. The resource name of the location associated with the
 KeyRings, in the format `projects/*/locations/*`. (required)
+  pageToken: string, Optional. Optional pagination token, returned earlier via
+ListKeyRingsResponse.next_page_token.
   orderBy: string, Optional. Specify how the results should be sorted. If not specified, the
 results will be sorted in the default order.  For more information, see
 [Sorting and filtering list
@@ -481,31 +502,29 @@
 response.  Further KeyRings can subsequently be obtained by
 including the ListKeyRingsResponse.next_page_token in a subsequent
 request.  If unspecified, the server will pick an appropriate default.
-  pageToken: string, Optional. Optional pagination token, returned earlier via
-ListKeyRingsResponse.next_page_token.
-  x__xgafv: string, V1 error format.
-    Allowed values
-      1 - v1 error format
-      2 - v2 error format
   filter: string, Optional. Only include resources that match the filter in the response. For
 more information, see
 [Sorting and filtering list
 results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
 
 Returns:
   An object of the form:
 
     { # Response message for KeyManagementService.ListKeyRings.
-    "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in
-        # ListKeyRingsRequest.page_token to retrieve the next page of results.
-    "totalSize": 42, # The total number of KeyRings that matched the query.
-    "keyRings": [ # The list of KeyRings.
+    &quot;keyRings&quot;: [ # The list of KeyRings.
       { # A KeyRing is a toplevel logical grouping of CryptoKeys.
-        "createTime": "A String", # Output only. The time at which this KeyRing was created.
-        "name": "A String", # Output only. The resource name for the KeyRing in the format
+        &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the KeyRing in the format
             # `projects/*/locations/*/keyRings/*`.
+        &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this KeyRing was created.
       },
     ],
+    &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve next page of results. Pass this value in
+        # ListKeyRingsRequest.page_token to retrieve the next page of results.
+    &quot;totalSize&quot;: 42, # The total number of KeyRings that matched the query.
   }</pre>
 </div>
 
@@ -518,7 +537,7 @@
   previous_response: The response from the request for the previous page. (required)
 
 Returns:
-  A request object that you can call 'execute()' on to request the next
+  A request object that you can call &#x27;execute()&#x27; on to request the next
   page. Returns None if there are no more items in the collection.
     </pre>
 </div>
@@ -528,7 +547,7 @@
   <pre>Sets the access control policy on the specified resource. Replaces any
 existing policy.
 
-Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being specified.
@@ -537,7 +556,7 @@
     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-    "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
+    &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
         # the policy is limited to a few 10s of KB. An empty policy is a
         # valid policy but certain Cloud Platform services (such as Projects)
         # might reject them.
@@ -550,36 +569,40 @@
         # permissions; each `role` can be an IAM predefined role or a user-created
         # custom role.
         #
-        # Optionally, a `binding` can specify a `condition`, which is a logical
-        # expression that allows access to a resource only if the expression evaluates
-        # to `true`. A condition can add constraints based on attributes of the
-        # request, the resource, or both.
+        # For some types of Google Cloud resources, a `binding` can also specify a
+        # `condition`, which is a logical expression that allows access to a resource
+        # only if the expression evaluates to `true`. A condition can add constraints
+        # based on attributes of the request, the resource, or both. To learn which
+        # resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         #
         # **JSON example:**
         #
         #     {
-        #       "bindings": [
+        #       &quot;bindings&quot;: [
         #         {
-        #           "role": "roles/resourcemanager.organizationAdmin",
-        #           "members": [
-        #             "user:mike@example.com",
-        #             "group:admins@example.com",
-        #             "domain:google.com",
-        #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:mike@example.com&quot;,
+        #             &quot;group:admins@example.com&quot;,
+        #             &quot;domain:google.com&quot;,
+        #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
         #           ]
         #         },
         #         {
-        #           "role": "roles/resourcemanager.organizationViewer",
-        #           "members": ["user:eve@example.com"],
-        #           "condition": {
-        #             "title": "expirable access",
-        #             "description": "Does not grant access after Sep 2020",
-        #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:eve@example.com&quot;
+        #           ],
+        #           &quot;condition&quot;: {
+        #             &quot;title&quot;: &quot;expirable access&quot;,
+        #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+        #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
         #           }
         #         }
         #       ],
-        #       "etag": "BwWWja0YfJA=",
-        #       "version": 3
+        #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+        #       &quot;version&quot;: 3
         #     }
         #
         # **YAML example:**
@@ -597,63 +620,126 @@
         #       condition:
         #         title: expirable access
         #         description: Does not grant access after Sep 2020
-        #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+        #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
         #     - etag: BwWWja0YfJA=
         #     - version: 3
         #
         # For a description of IAM and its features, see the
         # [IAM documentation](https://cloud.google.com/iam/docs/).
-      "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+      &quot;version&quot;: 42, # Specifies the format of the policy.
+          #
+          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+          # are rejected.
+          #
+          # Any operation that affects conditional role bindings must specify version
+          # `3`. This requirement applies to the following operations:
+          #
+          # * Getting a policy that includes a conditional role binding
+          # * Adding a conditional role binding to a policy
+          # * Changing a conditional role binding in a policy
+          # * Removing any role binding, with or without a condition, from a policy
+          #   that includes conditions
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+          #
+          # If a policy does not include any conditions, operations on that policy may
+          # specify any valid version or leave the field unset.
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+      &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+        { # Specifies the audit configuration for a service.
+            # The configuration determines which permission types are logged, and what
+            # identities, if any, are exempted from logging.
+            # An AuditConfig must have one or more AuditLogConfigs.
+            #
+            # If there are AuditConfigs for both `allServices` and a specific service,
+            # the union of the two AuditConfigs is used for that service: the log_types
+            # specified in each AuditConfig are enabled, and the exempted_members in each
+            # AuditLogConfig are exempted.
+            #
+            # Example Policy with multiple AuditConfigs:
+            #
+            #     {
+            #       &quot;audit_configs&quot;: [
+            #         {
+            #           &quot;service&quot;: &quot;allServices&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:jose@example.com&quot;
+            #               ]
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+            #             }
+            #           ]
+            #         },
+            #         {
+            #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:aliya@example.com&quot;
+            #               ]
+            #             }
+            #           ]
+            #         }
+            #       ]
+            #     }
+            #
+            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+            # logging. It also exempts jose@example.com from DATA_READ logging, and
+            # aliya@example.com from DATA_WRITE logging.
+          &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+            { # Provides the configuration for logging a type of permissions.
+                # Example:
+                #
+                #     {
+                #       &quot;audit_log_configs&quot;: [
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+                #           &quot;exempted_members&quot;: [
+                #             &quot;user:jose@example.com&quot;
+                #           ]
+                #         },
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+                #         }
+                #       ]
+                #     }
+                #
+                # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+                # jose@example.com from DATA_READ logging.
+              &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                  # permission.
+                  # Follows the same format of Binding.members.
+                &quot;A String&quot;,
+              ],
+              &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+            },
+          ],
+          &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+              # `allServices` is a special value that covers all services.
+        },
+      ],
+      &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
           # `condition` that determines how and when the `bindings` are applied. Each
           # of the `bindings` must contain at least one member.
         { # Associates `members` with a `role`.
-          "role": "A String", # Role that is assigned to `members`.
-              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-          "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-              # NOTE: An unsatisfied condition will not allow user access via current
-              # binding. Different bindings, including their conditions, are examined
-              # independently.
-              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-              # are documented at https://github.com/google/cel-spec.
-              #
-              # Example (Comparison):
-              #
-              #     title: "Summary size limit"
-              #     description: "Determines if a summary is less than 100 chars"
-              #     expression: "document.summary.size() &lt; 100"
-              #
-              # Example (Equality):
-              #
-              #     title: "Requestor is owner"
-              #     description: "Determines if requestor is the document owner"
-              #     expression: "document.owner == request.auth.claims.email"
-              #
-              # Example (Logic):
-              #
-              #     title: "Public documents"
-              #     description: "Determine whether the document should be publicly visible"
-              #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
-              #
-              # Example (Data Manipulation):
-              #
-              #     title: "Notification string"
-              #     description: "Create a notification string with a timestamp."
-              #     expression: "'New message received at ' + string(document.create_time)"
-              #
-              # The exact variables and functions that may be referenced within an expression
-              # are determined by the service that evaluates it. See the service
-              # documentation for additional information.
-            "location": "A String", # Optional. String indicating the location of the expression for error
-                # reporting, e.g. a file name and a position in the file.
-            "expression": "A String", # Textual representation of an expression in Common Expression Language
-                # syntax.
-            "description": "A String", # Optional. Description of the expression. This is a longer text which
-                # describes the expression, e.g. when hovered over it in a UI.
-            "title": "A String", # Optional. Title for the expression, i.e. a short string describing
-                # its purpose. This can be used e.g. in UIs which allow to enter the
-                # expression.
-          },
-          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+          &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
               # `members` can have the following values:
               #
               # * `allUsers`: A special identifier that represents anyone who is
@@ -696,96 +782,65 @@
               # * `domain:{domain}`: The G Suite domain (primary) that represents all the
               #    users of that domain. For example, `google.com` or `example.com`.
               #
-            "A String",
+            &quot;A String&quot;,
           ],
+          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+          &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+              #
+              # If the condition evaluates to `true`, then this binding applies to the
+              # current request.
+              #
+              # If the condition evaluates to `false`, then this binding does not apply to
+              # the current request. However, a different role binding might grant the same
+              # role to one or more of the members in this binding.
+              #
+              # To learn which resources support conditions in their IAM policies, see the
+              # [IAM
+              # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+              # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+              # are documented at https://github.com/google/cel-spec.
+              #
+              # Example (Comparison):
+              #
+              #     title: &quot;Summary size limit&quot;
+              #     description: &quot;Determines if a summary is less than 100 chars&quot;
+              #     expression: &quot;document.summary.size() &lt; 100&quot;
+              #
+              # Example (Equality):
+              #
+              #     title: &quot;Requestor is owner&quot;
+              #     description: &quot;Determines if requestor is the document owner&quot;
+              #     expression: &quot;document.owner == request.auth.claims.email&quot;
+              #
+              # Example (Logic):
+              #
+              #     title: &quot;Public documents&quot;
+              #     description: &quot;Determine whether the document should be publicly visible&quot;
+              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+              #
+              # Example (Data Manipulation):
+              #
+              #     title: &quot;Notification string&quot;
+              #     description: &quot;Create a notification string with a timestamp.&quot;
+              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+              #
+              # The exact variables and functions that may be referenced within an expression
+              # are determined by the service that evaluates it. See the service
+              # documentation for additional information.
+            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+                # its purpose. This can be used e.g. in UIs which allow to enter the
+                # expression.
+            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+                # reporting, e.g. a file name and a position in the file.
+            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+                # describes the expression, e.g. when hovered over it in a UI.
+            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+                # syntax.
+          },
         },
       ],
-      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-        { # Specifies the audit configuration for a service.
-            # The configuration determines which permission types are logged, and what
-            # identities, if any, are exempted from logging.
-            # An AuditConfig must have one or more AuditLogConfigs.
-            #
-            # If there are AuditConfigs for both `allServices` and a specific service,
-            # the union of the two AuditConfigs is used for that service: the log_types
-            # specified in each AuditConfig are enabled, and the exempted_members in each
-            # AuditLogConfig are exempted.
-            #
-            # Example Policy with multiple AuditConfigs:
-            #
-            #     {
-            #       "audit_configs": [
-            #         {
-            #           "service": "allServices"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #               "exempted_members": [
-            #                 "user:jose@example.com"
-            #               ]
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #             },
-            #             {
-            #               "log_type": "ADMIN_READ",
-            #             }
-            #           ]
-            #         },
-            #         {
-            #           "service": "sampleservice.googleapis.com"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #               "exempted_members": [
-            #                 "user:aliya@example.com"
-            #               ]
-            #             }
-            #           ]
-            #         }
-            #       ]
-            #     }
-            #
-            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-            # logging. It also exempts jose@example.com from DATA_READ logging, and
-            # aliya@example.com from DATA_WRITE logging.
-          "auditLogConfigs": [ # The configuration for logging of each type of permission.
-            { # Provides the configuration for logging a type of permissions.
-                # Example:
-                #
-                #     {
-                #       "audit_log_configs": [
-                #         {
-                #           "log_type": "DATA_READ",
-                #           "exempted_members": [
-                #             "user:jose@example.com"
-                #           ]
-                #         },
-                #         {
-                #           "log_type": "DATA_WRITE",
-                #         }
-                #       ]
-                #     }
-                #
-                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-                # jose@example.com from DATA_READ logging.
-              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                  # permission.
-                  # Follows the same format of Binding.members.
-                "A String",
-              ],
-              "logType": "A String", # The log type that this config enables.
-            },
-          ],
-          "service": "A String", # Specifies a service that will be enabled for audit logging.
-              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-              # `allServices` is a special value that covers all services.
-        },
-      ],
-      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
           # prevent simultaneous updates of a policy from overwriting each other.
           # It is strongly suggested that systems make use of the `etag` in the
           # read-modify-write cycle to perform policy updates in order to avoid race
@@ -797,33 +852,12 @@
           # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
           # you to overwrite a version `3` policy with a version `1` policy, and all of
           # the conditions in the version `3` policy are lost.
-      "version": 42, # Specifies the format of the policy.
-          #
-          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-          # are rejected.
-          #
-          # Any operation that affects conditional role bindings must specify version
-          # `3`. This requirement applies to the following operations:
-          #
-          # * Getting a policy that includes a conditional role binding
-          # * Adding a conditional role binding to a policy
-          # * Changing a conditional role binding in a policy
-          # * Removing any role binding, with or without a condition, from a policy
-          #   that includes conditions
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
-          #
-          # If a policy does not include any conditions, operations on that policy may
-          # specify any valid version or leave the field unset.
     },
-    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+    &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
         # the fields in the mask will be modified. If no mask is provided, the
         # following default mask is used:
-        # paths: "bindings, etag"
-        # This field is only used by Cloud IAM.
+        # 
+        # `paths: &quot;bindings, etag&quot;`
   }
 
   x__xgafv: string, V1 error format.
@@ -844,36 +878,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -891,63 +929,126 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
-            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
-            # are documented at https://github.com/google/cel-spec.
-            #
-            # Example (Comparison):
-            #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
-            #
-            # Example (Equality):
-            #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
-            #
-            # Example (Logic):
-            #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
-            #
-            # Example (Data Manipulation):
-            #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
-            #
-            # The exact variables and functions that may be referenced within an expression
-            # are determined by the service that evaluates it. See the service
-            # documentation for additional information.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
-              # its purpose. This can be used e.g. in UIs which allow to enter the
-              # expression.
-        },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -990,96 +1091,65 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+            # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
+            # are documented at https://github.com/google/cel-spec.
+            #
+            # Example (Comparison):
+            #
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
+            #
+            # Example (Equality):
+            #
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
+            #
+            # Example (Logic):
+            #
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
+            #
+            # Example (Data Manipulation):
+            #
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
+            #
+            # The exact variables and functions that may be referenced within an expression
+            # are determined by the service that evaluates it. See the service
+            # documentation for additional information.
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
+              # its purpose. This can be used e.g. in UIs which allow to enter the
+              # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
+        },
       },
     ],
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
         # prevent simultaneous updates of a policy from overwriting each other.
         # It is strongly suggested that systems make use of the `etag` in the
         # read-modify-write cycle to perform policy updates in order to avoid race
@@ -1091,27 +1161,6 @@
         # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
         # you to overwrite a version `3` policy with a version `1` policy, and all of
         # the conditions in the version `3` policy are lost.
-    "version": 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
   }</pre>
 </div>
 
@@ -1119,11 +1168,11 @@
     <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
   <pre>Returns permissions that a caller has on the specified resource.
 If the resource does not exist, this will return an empty set of
-permissions, not a NOT_FOUND error.
+permissions, not a `NOT_FOUND` error.
 
 Note: This operation is designed to be used for building permission-aware
 UIs and command-line tools, not for authorization checking. This operation
-may "fail open" without warning.
+may &quot;fail open&quot; without warning.
 
 Args:
   resource: string, REQUIRED: The resource for which the policy detail is being requested.
@@ -1132,11 +1181,11 @@
     The object takes the form of:
 
 { # Request message for `TestIamPermissions` method.
-    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
-        # wildcards (such as '*' or 'storage.*') are not allowed. For more
+    &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
+        # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
         # information see
         # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-      "A String",
+      &quot;A String&quot;,
     ],
   }
 
@@ -1149,9 +1198,9 @@
   An object of the form:
 
     { # Response message for `TestIamPermissions` method.
-    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
+    &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
         # allowed.
-      "A String",
+      &quot;A String&quot;,
     ],
   }</pre>
 </div>