docs: docs update (#911)

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code!  That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)

Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/cloudresourcemanager_v2.folders.html b/docs/dyn/cloudresourcemanager_v2.folders.html
index 9618c2e..2e84164 100644
--- a/docs/dyn/cloudresourcemanager_v2.folders.html
+++ b/docs/dyn/cloudresourcemanager_v2.folders.html
@@ -87,7 +87,7 @@
   <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets the access control policy for a Folder. The returned policy may be</p>
 <p class="toc_element">
-  <code><a href="#list">list(parent=None, showDeleted=None, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
+  <code><a href="#list">list(pageToken=None, pageSize=None, parent=None, showDeleted=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Lists the Folders that are direct descendants of supplied parent resource.</p>
 <p class="toc_element">
   <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -125,7 +125,7 @@
 In order to succeed, the addition of this new Folder must not violate
 the Folder naming, height or fanout constraints.
 
-+ The Folder's display_name must be distinct from all other Folder's that
++ The Folder&#x27;s display_name must be distinct from all other Folder&#x27;s that
 share its parent.
 + The addition of the Folder must not cause the active Folder hierarchy
 to exceed a height of 4. Note, the full active + deleted Folder hierarchy
@@ -148,28 +148,28 @@
   body: object, The request body.
     The object takes the form of:
 
-{ # A Folder in an Organization's resource hierarchy, used to
-    # organize that Organization's resources.
-  "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+{ # A Folder in an Organization&#x27;s resource hierarchy, used to
+    # organize that Organization&#x27;s resources.
+  &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
       # Updates to the lifecycle_state must be performed via
       # DeleteFolder and
       # UndeleteFolder.
-  "displayName": "A String", # The folder’s display name.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+      # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+  &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
       # A folder’s display name must be unique amongst its siblings, e.g.
       # no two folders with the same parent can share the same display name.
       # The display name must start and end with a letter or digit, may contain
       # letters, digits, spaces, hyphens and underscores and can be no longer
       # than 30 characters. This is captured by the regular expression:
       # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-  "name": "A String", # Output only. The resource name of the Folder.
-      # Its format is `folders/{folder_id}`, for example: "folders/1234".
-  "parent": "A String", # Required. The Folder’s parent's resource name.
-      # Updates to the folder's parent must be performed via
+  &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+      # Updates to the folder&#x27;s parent must be performed via
       # MoveFolder.
-  "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+  &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
 }
 
-  parent: string, Required. The resource name of the new Folder's parent.
+  parent: string, Required. The resource name of the new Folder&#x27;s parent.
 Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
   x__xgafv: string, V1 error format.
     Allowed values
@@ -181,7 +181,10 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
+        # If `true`, the operation is completed, and either `error` or `response` is
+        # available.
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -189,38 +192,35 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
-        # contains progress information and common metadata such as create time.
-        # Some services might not provide such metadata.  Any method that returns a
-        # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
-        # If `true`, the operation is completed, and either `error` or `response` is
-        # available.
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
         # different programming environments, including REST APIs and RPC APIs. It is
         # used by [gRPC](https://github.com/grpc). Each `Status` message contains
         # three pieces of data: error code, error message, and error details.
         #
         # You can find out more about this error model and how to work with it in the
         # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
           # user-facing error message should be localized and sent in the
           # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
           # message types for APIs to use.
         {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
         },
       ],
     },
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
+        # contains progress information and common metadata such as create time.
+        # Some services might not provide such metadata.  Any method that returns a
+        # long-running operation should document the metadata type, if any.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+    },
   }</pre>
 </div>
 
@@ -231,7 +231,7 @@
 immediately, and is deleted approximately 30 days later. This method may
 only be called on an empty Folder in the
 ACTIVE state, where a Folder is empty if
-it doesn't contain any Folders or Projects in the
+it doesn&#x27;t contain any Folders or Projects in the
 ACTIVE state.
 The caller must have `resourcemanager.folders.delete` permission on the
 identified folder.
@@ -247,25 +247,25 @@
 Returns:
   An object of the form:
 
-    { # A Folder in an Organization's resource hierarchy, used to
-      # organize that Organization's resources.
-    "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+    { # A Folder in an Organization&#x27;s resource hierarchy, used to
+      # organize that Organization&#x27;s resources.
+    &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
         # Updates to the lifecycle_state must be performed via
         # DeleteFolder and
         # UndeleteFolder.
-    "displayName": "A String", # The folder’s display name.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+        # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+    &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
         # A folder’s display name must be unique amongst its siblings, e.g.
         # no two folders with the same parent can share the same display name.
         # The display name must start and end with a letter or digit, may contain
         # letters, digits, spaces, hyphens and underscores and can be no longer
         # than 30 characters. This is captured by the regular expression:
         # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-    "name": "A String", # Output only. The resource name of the Folder.
-        # Its format is `folders/{folder_id}`, for example: "folders/1234".
-    "parent": "A String", # Required. The Folder’s parent's resource name.
-        # Updates to the folder's parent must be performed via
+    &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+        # Updates to the folder&#x27;s parent must be performed via
         # MoveFolder.
-    "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
   }</pre>
 </div>
 
@@ -288,25 +288,25 @@
 Returns:
   An object of the form:
 
-    { # A Folder in an Organization's resource hierarchy, used to
-      # organize that Organization's resources.
-    "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+    { # A Folder in an Organization&#x27;s resource hierarchy, used to
+      # organize that Organization&#x27;s resources.
+    &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
         # Updates to the lifecycle_state must be performed via
         # DeleteFolder and
         # UndeleteFolder.
-    "displayName": "A String", # The folder’s display name.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+        # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+    &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
         # A folder’s display name must be unique amongst its siblings, e.g.
         # no two folders with the same parent can share the same display name.
         # The display name must start and end with a letter or digit, may contain
         # letters, digits, spaces, hyphens and underscores and can be no longer
         # than 30 characters. This is captured by the regular expression:
         # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-    "name": "A String", # Output only. The resource name of the Folder.
-        # Its format is `folders/{folder_id}`, for example: "folders/1234".
-    "parent": "A String", # Required. The Folder’s parent's resource name.
-        # Updates to the folder's parent must be performed via
+    &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+        # Updates to the folder&#x27;s parent must be performed via
         # MoveFolder.
-    "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
   }</pre>
 </div>
 
@@ -314,7 +314,7 @@
     <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
   <pre>Gets the access control policy for a Folder. The returned policy may be
 empty if no such policy or resource exists. The `resource` field should
-be the Folder's resource name, e.g. "folders/1234".
+be the Folder&#x27;s resource name, e.g. &quot;folders/1234&quot;.
 The caller must have `resourcemanager.folders.getIamPolicy` permission
 on the identified folder.
 
@@ -325,9 +325,9 @@
     The object takes the form of:
 
 { # Request message for `GetIamPolicy` method.
-    "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
+    &quot;options&quot;: { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
         # `GetIamPolicy`.
-      "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
+      &quot;requestedPolicyVersion&quot;: 42, # Optional. The policy format version to be returned.
           #
           # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
           # rejected.
@@ -335,6 +335,10 @@
           # Requests for policies with any conditional bindings must specify version 3.
           # Policies without any conditional bindings may specify any valid value or
           # leave the field unset.
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM
+          # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
     },
   }
 
@@ -356,36 +360,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -403,98 +411,25 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "version": 42, # Specifies the format of the policy.
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
         #
         # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
         # are rejected.
@@ -515,57 +450,153 @@
         #
         # If a policy does not include any conditions, operations on that policy may
         # specify any valid version or leave the field unset.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
             # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
             # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
             # are documented at https://github.com/google/cel-spec.
             #
             # Example (Comparison):
             #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
             #
             # Example (Equality):
             #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
             #
             # Example (Logic):
             #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
             #
             # Example (Data Manipulation):
             #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
             #
             # The exact variables and functions that may be referenced within an expression
             # are determined by the service that evaluates it. See the service
             # documentation for additional information.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -608,27 +639,15 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
       },
     ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
   }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="list">list(parent=None, showDeleted=None, pageToken=None, x__xgafv=None, pageSize=None)</code>
+    <code class="details" id="list">list(pageToken=None, pageSize=None, parent=None, showDeleted=None, x__xgafv=None)</code>
   <pre>Lists the Folders that are direct descendants of supplied parent resource.
 List provides a strongly consistent view of the Folders underneath
 the specified parent resource.
@@ -638,6 +657,9 @@
 identified parent.
 
 Args:
+  pageToken: string, Optional. A pagination token returned from a previous call to `ListFolders`
+that indicates where this listing should continue from.
+  pageSize: integer, Optional. The maximum number of Folders to return in the response.
   parent: string, Required. The resource name of the Organization or Folder whose Folders are
 being listed.
 Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
@@ -646,43 +668,40 @@
   showDeleted: boolean, Optional. Controls whether Folders in the
 DELETE_REQUESTED
 state should be returned. Defaults to false.
-  pageToken: string, Optional. A pagination token returned from a previous call to `ListFolders`
-that indicates where this listing should continue from.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
       2 - v2 error format
-  pageSize: integer, Optional. The maximum number of Folders to return in the response.
 
 Returns:
   An object of the form:
 
     { # The ListFolders response message.
-    "folders": [ # A possibly paginated list of Folders that are direct descendants of
+    &quot;nextPageToken&quot;: &quot;A String&quot;, # A pagination token returned from a previous call to `ListFolders`
+        # that indicates from where listing should continue.
+    &quot;folders&quot;: [ # A possibly paginated list of Folders that are direct descendants of
         # the specified parent resource.
-      { # A Folder in an Organization's resource hierarchy, used to
-          # organize that Organization's resources.
-        "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+      { # A Folder in an Organization&#x27;s resource hierarchy, used to
+          # organize that Organization&#x27;s resources.
+        &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
             # Updates to the lifecycle_state must be performed via
             # DeleteFolder and
             # UndeleteFolder.
-        "displayName": "A String", # The folder’s display name.
+        &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+            # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+        &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
             # A folder’s display name must be unique amongst its siblings, e.g.
             # no two folders with the same parent can share the same display name.
             # The display name must start and end with a letter or digit, may contain
             # letters, digits, spaces, hyphens and underscores and can be no longer
             # than 30 characters. This is captured by the regular expression:
             # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-        "name": "A String", # Output only. The resource name of the Folder.
-            # Its format is `folders/{folder_id}`, for example: "folders/1234".
-        "parent": "A String", # Required. The Folder’s parent's resource name.
-            # Updates to the folder's parent must be performed via
+        &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+            # Updates to the folder&#x27;s parent must be performed via
             # MoveFolder.
-        "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+        &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
       },
     ],
-    "nextPageToken": "A String", # A pagination token returned from a previous call to `ListFolders`
-        # that indicates from where listing should continue.
   }</pre>
 </div>
 
@@ -695,7 +714,7 @@
   previous_response: The response from the request for the previous page. (required)
 
 Returns:
-  A request object that you can call 'execute()' on to request the next
+  A request object that you can call &#x27;execute()&#x27; on to request the next
   page. Returns None if there are no more items in the collection.
     </pre>
 </div>
@@ -718,7 +737,7 @@
 or fanout constraints described in the
 CreateFolder documentation.
 The caller must have `resourcemanager.folders.move` permission on the
-folder's current and proposed new parent.
+folder&#x27;s current and proposed new parent.
 
 Args:
   name: string, Required. The resource name of the Folder to move.
@@ -727,7 +746,7 @@
     The object takes the form of:
 
 { # The MoveFolder request message.
-    "destinationParent": "A String", # Required. The resource name of the Folder or Organization to reparent
+    &quot;destinationParent&quot;: &quot;A String&quot;, # Required. The resource name of the Folder or Organization to reparent
         # the folder under.
         # Must be of the form `folders/{folder_id}` or `organizations/{org_id}`.
   }
@@ -742,7 +761,10 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
+        # If `true`, the operation is completed, and either `error` or `response` is
+        # available.
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -750,38 +772,35 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
-        # contains progress information and common metadata such as create time.
-        # Some services might not provide such metadata.  Any method that returns a
-        # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
-        # If `true`, the operation is completed, and either `error` or `response` is
-        # available.
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
         # different programming environments, including REST APIs and RPC APIs. It is
         # used by [gRPC](https://github.com/grpc). Each `Status` message contains
         # three pieces of data: error code, error message, and error details.
         #
         # You can find out more about this error model and how to work with it in the
         # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
           # user-facing error message should be localized and sent in the
           # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
           # message types for APIs to use.
         {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
         },
       ],
     },
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
+        # contains progress information and common metadata such as create time.
+        # Some services might not provide such metadata.  Any method that returns a
+        # long-running operation should document the metadata type, if any.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+    },
   }</pre>
 </div>
 
@@ -792,7 +811,7 @@
 the display_name formatting rules or naming constraints described in
 the CreateFolder documentation.
 
-The Folder's display name must start and end with a letter or digit,
+The Folder&#x27;s display name must start and end with a letter or digit,
 may contain letters, digits, spaces, hyphens and underscores and can be
 no longer than 30 characters. This is captured by the regular expression:
 [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
@@ -805,29 +824,29 @@
 
 Args:
   name: string, Output only. The resource name of the Folder.
-Its format is `folders/{folder_id}`, for example: "folders/1234". (required)
+Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;. (required)
   body: object, The request body.
     The object takes the form of:
 
-{ # A Folder in an Organization's resource hierarchy, used to
-    # organize that Organization's resources.
-  "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+{ # A Folder in an Organization&#x27;s resource hierarchy, used to
+    # organize that Organization&#x27;s resources.
+  &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
       # Updates to the lifecycle_state must be performed via
       # DeleteFolder and
       # UndeleteFolder.
-  "displayName": "A String", # The folder’s display name.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+      # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+  &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
       # A folder’s display name must be unique amongst its siblings, e.g.
       # no two folders with the same parent can share the same display name.
       # The display name must start and end with a letter or digit, may contain
       # letters, digits, spaces, hyphens and underscores and can be no longer
       # than 30 characters. This is captured by the regular expression:
       # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-  "name": "A String", # Output only. The resource name of the Folder.
-      # Its format is `folders/{folder_id}`, for example: "folders/1234".
-  "parent": "A String", # Required. The Folder’s parent's resource name.
-      # Updates to the folder's parent must be performed via
+  &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+      # Updates to the folder&#x27;s parent must be performed via
       # MoveFolder.
-  "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+  &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
 }
 
   updateMask: string, Required. Fields to be updated.
@@ -840,25 +859,25 @@
 Returns:
   An object of the form:
 
-    { # A Folder in an Organization's resource hierarchy, used to
-      # organize that Organization's resources.
-    "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+    { # A Folder in an Organization&#x27;s resource hierarchy, used to
+      # organize that Organization&#x27;s resources.
+    &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
         # Updates to the lifecycle_state must be performed via
         # DeleteFolder and
         # UndeleteFolder.
-    "displayName": "A String", # The folder’s display name.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+        # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+    &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
         # A folder’s display name must be unique amongst its siblings, e.g.
         # no two folders with the same parent can share the same display name.
         # The display name must start and end with a letter or digit, may contain
         # letters, digits, spaces, hyphens and underscores and can be no longer
         # than 30 characters. This is captured by the regular expression:
         # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-    "name": "A String", # Output only. The resource name of the Folder.
-        # Its format is `folders/{folder_id}`, for example: "folders/1234".
-    "parent": "A String", # Required. The Folder’s parent's resource name.
-        # Updates to the folder's parent must be performed via
+    &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+        # Updates to the folder&#x27;s parent must be performed via
         # MoveFolder.
-    "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
   }</pre>
 </div>
 
@@ -876,10 +895,10 @@
     The object takes the form of:
 
 { # The request message for searching folders.
-    "pageToken": "A String", # Optional. A pagination token returned from a previous call to `SearchFolders`
+    &quot;pageToken&quot;: &quot;A String&quot;, # Optional. A pagination token returned from a previous call to `SearchFolders`
         # that indicates from where search should continue.
-    "pageSize": 42, # Optional. The maximum number of folders to return in the response.
-    "query": "A String", # Search criteria used to select the Folders to return.
+    &quot;pageSize&quot;: 42, # Optional. The maximum number of folders to return in the response.
+    &quot;query&quot;: &quot;A String&quot;, # Search criteria used to select the Folders to return.
         # If no search criteria is specified then all accessible folders will be
         # returned.
         # 
@@ -893,15 +912,15 @@
         # Some example queries are:
         # 
         # * Query `displayName=Test*` returns Folder resources whose display name
-        # starts with "Test".
+        # starts with &quot;Test&quot;.
         # * Query `lifecycleState=ACTIVE` returns Folder resources with
         # `lifecycleState` set to `ACTIVE`.
         # * Query `parent=folders/123` returns Folder resources that have
         # `folders/123` as a parent resource.
         # * Query `parent=folders/123 AND lifecycleState=ACTIVE` returns active
         # Folder resources that have `folders/123` as a parent resource.
-        # * Query `displayName=\\"Test String\\"` returns Folder resources with
-        # display names that include both "Test" and "String".
+        # * Query `displayName=\\&quot;Test String\\&quot;` returns Folder resources with
+        # display names that include both &quot;Test&quot; and &quot;String&quot;.
   }
 
   x__xgafv: string, V1 error format.
@@ -913,31 +932,31 @@
   An object of the form:
 
     { # The response message for searching folders.
-    "folders": [ # A possibly paginated folder search results.
+    &quot;nextPageToken&quot;: &quot;A String&quot;, # A pagination token returned from a previous call to `SearchFolders`
+        # that indicates from where searching should continue.
+    &quot;folders&quot;: [ # A possibly paginated folder search results.
         # the specified parent resource.
-      { # A Folder in an Organization's resource hierarchy, used to
-          # organize that Organization's resources.
-        "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+      { # A Folder in an Organization&#x27;s resource hierarchy, used to
+          # organize that Organization&#x27;s resources.
+        &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
             # Updates to the lifecycle_state must be performed via
             # DeleteFolder and
             # UndeleteFolder.
-        "displayName": "A String", # The folder’s display name.
+        &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+            # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+        &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
             # A folder’s display name must be unique amongst its siblings, e.g.
             # no two folders with the same parent can share the same display name.
             # The display name must start and end with a letter or digit, may contain
             # letters, digits, spaces, hyphens and underscores and can be no longer
             # than 30 characters. This is captured by the regular expression:
             # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-        "name": "A String", # Output only. The resource name of the Folder.
-            # Its format is `folders/{folder_id}`, for example: "folders/1234".
-        "parent": "A String", # Required. The Folder’s parent's resource name.
-            # Updates to the folder's parent must be performed via
+        &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+            # Updates to the folder&#x27;s parent must be performed via
             # MoveFolder.
-        "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+        &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
       },
     ],
-    "nextPageToken": "A String", # A pagination token returned from a previous call to `SearchFolders`
-        # that indicates from where searching should continue.
   }</pre>
 </div>
 
@@ -950,7 +969,7 @@
   previous_response: The response from the request for the previous page. (required)
 
 Returns:
-  A request object that you can call 'execute()' on to request the next
+  A request object that you can call &#x27;execute()&#x27; on to request the next
   page. Returns None if there are no more items in the collection.
     </pre>
 </div>
@@ -958,8 +977,8 @@
 <div class="method">
     <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
   <pre>Sets the access control policy on a Folder, replacing any existing policy.
-The `resource` field should be the Folder's resource name, e.g.
-"folders/1234".
+The `resource` field should be the Folder&#x27;s resource name, e.g.
+&quot;folders/1234&quot;.
 The caller must have `resourcemanager.folders.setIamPolicy` permission
 on the identified folder.
 
@@ -970,7 +989,7 @@
     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-    "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
+    &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
         # the policy is limited to a few 10s of KB. An empty policy is a
         # valid policy but certain Cloud Platform services (such as Projects)
         # might reject them.
@@ -983,36 +1002,40 @@
         # permissions; each `role` can be an IAM predefined role or a user-created
         # custom role.
         #
-        # Optionally, a `binding` can specify a `condition`, which is a logical
-        # expression that allows access to a resource only if the expression evaluates
-        # to `true`. A condition can add constraints based on attributes of the
-        # request, the resource, or both.
+        # For some types of Google Cloud resources, a `binding` can also specify a
+        # `condition`, which is a logical expression that allows access to a resource
+        # only if the expression evaluates to `true`. A condition can add constraints
+        # based on attributes of the request, the resource, or both. To learn which
+        # resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         #
         # **JSON example:**
         #
         #     {
-        #       "bindings": [
+        #       &quot;bindings&quot;: [
         #         {
-        #           "role": "roles/resourcemanager.organizationAdmin",
-        #           "members": [
-        #             "user:mike@example.com",
-        #             "group:admins@example.com",
-        #             "domain:google.com",
-        #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:mike@example.com&quot;,
+        #             &quot;group:admins@example.com&quot;,
+        #             &quot;domain:google.com&quot;,
+        #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
         #           ]
         #         },
         #         {
-        #           "role": "roles/resourcemanager.organizationViewer",
-        #           "members": ["user:eve@example.com"],
-        #           "condition": {
-        #             "title": "expirable access",
-        #             "description": "Does not grant access after Sep 2020",
-        #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:eve@example.com&quot;
+        #           ],
+        #           &quot;condition&quot;: {
+        #             &quot;title&quot;: &quot;expirable access&quot;,
+        #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+        #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
         #           }
         #         }
         #       ],
-        #       "etag": "BwWWja0YfJA=",
-        #       "version": 3
+        #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+        #       &quot;version&quot;: 3
         #     }
         #
         # **YAML example:**
@@ -1030,98 +1053,25 @@
         #       condition:
         #         title: expirable access
         #         description: Does not grant access after Sep 2020
-        #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+        #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
         #     - etag: BwWWja0YfJA=
         #     - version: 3
         #
         # For a description of IAM and its features, see the
         # [IAM documentation](https://cloud.google.com/iam/docs/).
-      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-        { # Specifies the audit configuration for a service.
-            # The configuration determines which permission types are logged, and what
-            # identities, if any, are exempted from logging.
-            # An AuditConfig must have one or more AuditLogConfigs.
-            #
-            # If there are AuditConfigs for both `allServices` and a specific service,
-            # the union of the two AuditConfigs is used for that service: the log_types
-            # specified in each AuditConfig are enabled, and the exempted_members in each
-            # AuditLogConfig are exempted.
-            #
-            # Example Policy with multiple AuditConfigs:
-            #
-            #     {
-            #       "audit_configs": [
-            #         {
-            #           "service": "allServices"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #               "exempted_members": [
-            #                 "user:jose@example.com"
-            #               ]
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #             },
-            #             {
-            #               "log_type": "ADMIN_READ",
-            #             }
-            #           ]
-            #         },
-            #         {
-            #           "service": "sampleservice.googleapis.com"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #               "exempted_members": [
-            #                 "user:aliya@example.com"
-            #               ]
-            #             }
-            #           ]
-            #         }
-            #       ]
-            #     }
-            #
-            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-            # logging. It also exempts jose@example.com from DATA_READ logging, and
-            # aliya@example.com from DATA_WRITE logging.
-          "auditLogConfigs": [ # The configuration for logging of each type of permission.
-            { # Provides the configuration for logging a type of permissions.
-                # Example:
-                #
-                #     {
-                #       "audit_log_configs": [
-                #         {
-                #           "log_type": "DATA_READ",
-                #           "exempted_members": [
-                #             "user:jose@example.com"
-                #           ]
-                #         },
-                #         {
-                #           "log_type": "DATA_WRITE",
-                #         }
-                #       ]
-                #     }
-                #
-                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-                # jose@example.com from DATA_READ logging.
-              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                  # permission.
-                  # Follows the same format of Binding.members.
-                "A String",
-              ],
-              "logType": "A String", # The log type that this config enables.
-            },
-          ],
-          "service": "A String", # Specifies a service that will be enabled for audit logging.
-              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-              # `allServices` is a special value that covers all services.
-        },
-      ],
-      "version": 42, # Specifies the format of the policy.
+      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+          # prevent simultaneous updates of a policy from overwriting each other.
+          # It is strongly suggested that systems make use of the `etag` in the
+          # read-modify-write cycle to perform policy updates in order to avoid race
+          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+          # systems are expected to put that etag in the request to `setIamPolicy` to
+          # ensure that their change will be applied to the same version of the policy.
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+      &quot;version&quot;: 42, # Specifies the format of the policy.
           #
           # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
           # are rejected.
@@ -1142,57 +1092,153 @@
           #
           # If a policy does not include any conditions, operations on that policy may
           # specify any valid version or leave the field unset.
-      "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+      &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+        { # Specifies the audit configuration for a service.
+            # The configuration determines which permission types are logged, and what
+            # identities, if any, are exempted from logging.
+            # An AuditConfig must have one or more AuditLogConfigs.
+            #
+            # If there are AuditConfigs for both `allServices` and a specific service,
+            # the union of the two AuditConfigs is used for that service: the log_types
+            # specified in each AuditConfig are enabled, and the exempted_members in each
+            # AuditLogConfig are exempted.
+            #
+            # Example Policy with multiple AuditConfigs:
+            #
+            #     {
+            #       &quot;audit_configs&quot;: [
+            #         {
+            #           &quot;service&quot;: &quot;allServices&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:jose@example.com&quot;
+            #               ]
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+            #             }
+            #           ]
+            #         },
+            #         {
+            #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:aliya@example.com&quot;
+            #               ]
+            #             }
+            #           ]
+            #         }
+            #       ]
+            #     }
+            #
+            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+            # logging. It also exempts jose@example.com from DATA_READ logging, and
+            # aliya@example.com from DATA_WRITE logging.
+          &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+              # `allServices` is a special value that covers all services.
+          &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+            { # Provides the configuration for logging a type of permissions.
+                # Example:
+                #
+                #     {
+                #       &quot;audit_log_configs&quot;: [
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+                #           &quot;exempted_members&quot;: [
+                #             &quot;user:jose@example.com&quot;
+                #           ]
+                #         },
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+                #         }
+                #       ]
+                #     }
+                #
+                # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+                # jose@example.com from DATA_READ logging.
+              &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                  # permission.
+                  # Follows the same format of Binding.members.
+                &quot;A String&quot;,
+              ],
+              &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+            },
+          ],
+        },
+      ],
+      &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
           # `condition` that determines how and when the `bindings` are applied. Each
           # of the `bindings` must contain at least one member.
         { # Associates `members` with a `role`.
-          "role": "A String", # Role that is assigned to `members`.
+          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
               # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-          "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-              # NOTE: An unsatisfied condition will not allow user access via current
-              # binding. Different bindings, including their conditions, are examined
-              # independently.
+          &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+              #
+              # If the condition evaluates to `true`, then this binding applies to the
+              # current request.
+              #
+              # If the condition evaluates to `false`, then this binding does not apply to
+              # the current request. However, a different role binding might grant the same
+              # role to one or more of the members in this binding.
+              #
+              # To learn which resources support conditions in their IAM policies, see the
+              # [IAM
+              # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
               # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
               # are documented at https://github.com/google/cel-spec.
               #
               # Example (Comparison):
               #
-              #     title: "Summary size limit"
-              #     description: "Determines if a summary is less than 100 chars"
-              #     expression: "document.summary.size() &lt; 100"
+              #     title: &quot;Summary size limit&quot;
+              #     description: &quot;Determines if a summary is less than 100 chars&quot;
+              #     expression: &quot;document.summary.size() &lt; 100&quot;
               #
               # Example (Equality):
               #
-              #     title: "Requestor is owner"
-              #     description: "Determines if requestor is the document owner"
-              #     expression: "document.owner == request.auth.claims.email"
+              #     title: &quot;Requestor is owner&quot;
+              #     description: &quot;Determines if requestor is the document owner&quot;
+              #     expression: &quot;document.owner == request.auth.claims.email&quot;
               #
               # Example (Logic):
               #
-              #     title: "Public documents"
-              #     description: "Determine whether the document should be publicly visible"
-              #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+              #     title: &quot;Public documents&quot;
+              #     description: &quot;Determine whether the document should be publicly visible&quot;
+              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
               #
               # Example (Data Manipulation):
               #
-              #     title: "Notification string"
-              #     description: "Create a notification string with a timestamp."
-              #     expression: "'New message received at ' + string(document.create_time)"
+              #     title: &quot;Notification string&quot;
+              #     description: &quot;Create a notification string with a timestamp.&quot;
+              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
               #
               # The exact variables and functions that may be referenced within an expression
               # are determined by the service that evaluates it. See the service
               # documentation for additional information.
-            "description": "A String", # Optional. Description of the expression. This is a longer text which
-                # describes the expression, e.g. when hovered over it in a UI.
-            "expression": "A String", # Textual representation of an expression in Common Expression Language
-                # syntax.
-            "location": "A String", # Optional. String indicating the location of the expression for error
-                # reporting, e.g. a file name and a position in the file.
-            "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                 # its purpose. This can be used e.g. in UIs which allow to enter the
                 # expression.
+            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+                # reporting, e.g. a file name and a position in the file.
+            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+                # describes the expression, e.g. when hovered over it in a UI.
+            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+                # syntax.
           },
-          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+          &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
               # `members` can have the following values:
               #
               # * `allUsers`: A special identifier that represents anyone who is
@@ -1235,28 +1281,16 @@
               # * `domain:{domain}`: The G Suite domain (primary) that represents all the
               #    users of that domain. For example, `google.com` or `example.com`.
               #
-            "A String",
+            &quot;A String&quot;,
           ],
         },
       ],
-      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-          # prevent simultaneous updates of a policy from overwriting each other.
-          # It is strongly suggested that systems make use of the `etag` in the
-          # read-modify-write cycle to perform policy updates in order to avoid race
-          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-          # systems are expected to put that etag in the request to `setIamPolicy` to
-          # ensure that their change will be applied to the same version of the policy.
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
     },
-    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+    &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
         # the fields in the mask will be modified. If no mask is provided, the
         # following default mask is used:
         # 
-        # `paths: "bindings, etag"`
+        # `paths: &quot;bindings, etag&quot;`
   }
 
   x__xgafv: string, V1 error format.
@@ -1277,36 +1311,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -1324,98 +1362,25 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "version": 42, # Specifies the format of the policy.
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
         #
         # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
         # are rejected.
@@ -1436,57 +1401,153 @@
         #
         # If a policy does not include any conditions, operations on that policy may
         # specify any valid version or leave the field unset.
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
             # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
             # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
             # are documented at https://github.com/google/cel-spec.
             #
             # Example (Comparison):
             #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
             #
             # Example (Equality):
             #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
             #
             # Example (Logic):
             #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
             #
             # Example (Data Manipulation):
             #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
             #
             # The exact variables and functions that may be referenced within an expression
             # are determined by the service that evaluates it. See the service
             # documentation for additional information.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -1529,30 +1590,18 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
       },
     ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
   }</pre>
 </div>
 
 <div class="method">
     <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
   <pre>Returns permissions that a caller has on the specified Folder.
-The `resource` field should be the Folder's resource name,
-e.g. "folders/1234".
+The `resource` field should be the Folder&#x27;s resource name,
+e.g. &quot;folders/1234&quot;.
 
 There are no permissions required for making this API call.
 
@@ -1563,11 +1612,11 @@
     The object takes the form of:
 
 { # Request message for `TestIamPermissions` method.
-    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
-        # wildcards (such as '*' or 'storage.*') are not allowed. For more
+    &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
+        # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
         # information see
         # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-      "A String",
+      &quot;A String&quot;,
     ],
   }
 
@@ -1580,9 +1629,9 @@
   An object of the form:
 
     { # Response message for `TestIamPermissions` method.
-    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
+    &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
         # allowed.
-      "A String",
+      &quot;A String&quot;,
     ],
   }</pre>
 </div>
@@ -1592,7 +1641,7 @@
   <pre>Cancels the deletion request for a Folder. This method may only be
 called on a Folder in the
 DELETE_REQUESTED state.
-In order to succeed, the Folder's parent must be in the
+In order to succeed, the Folder&#x27;s parent must be in the
 ACTIVE state.
 In addition, reintroducing the folder into the tree must not violate
 folder naming, height and fanout constraints described in the
@@ -1617,25 +1666,25 @@
 Returns:
   An object of the form:
 
-    { # A Folder in an Organization's resource hierarchy, used to
-      # organize that Organization's resources.
-    "lifecycleState": "A String", # Output only. The lifecycle state of the folder.
+    { # A Folder in an Organization&#x27;s resource hierarchy, used to
+      # organize that Organization&#x27;s resources.
+    &quot;lifecycleState&quot;: &quot;A String&quot;, # Output only. The lifecycle state of the folder.
         # Updates to the lifecycle_state must be performed via
         # DeleteFolder and
         # UndeleteFolder.
-    "displayName": "A String", # The folder’s display name.
+    &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name of the Folder.
+        # Its format is `folders/{folder_id}`, for example: &quot;folders/1234&quot;.
+    &quot;displayName&quot;: &quot;A String&quot;, # The folder’s display name.
         # A folder’s display name must be unique amongst its siblings, e.g.
         # no two folders with the same parent can share the same display name.
         # The display name must start and end with a letter or digit, may contain
         # letters, digits, spaces, hyphens and underscores and can be no longer
         # than 30 characters. This is captured by the regular expression:
         # [\p{L}\p{N}]([\p{L}\p{N}_- ]{0,28}[\p{L}\p{N}])?.
-    "name": "A String", # Output only. The resource name of the Folder.
-        # Its format is `folders/{folder_id}`, for example: "folders/1234".
-    "parent": "A String", # Required. The Folder’s parent's resource name.
-        # Updates to the folder's parent must be performed via
+    &quot;parent&quot;: &quot;A String&quot;, # Required. The Folder’s parent&#x27;s resource name.
+        # Updates to the folder&#x27;s parent must be performed via
         # MoveFolder.
-    "createTime": "A String", # Output only. Timestamp when the Folder was created. Assigned by the server.
+    &quot;createTime&quot;: &quot;A String&quot;, # Output only. Timestamp when the Folder was created. Assigned by the server.
   }</pre>
 </div>