docs: docs update (#911)

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a [bug/issue](https://github.com/googleapis/google-api-python-client/issues/new/choose) before writing your code!  That way we can discuss the change, evaluate designs, and agree on the general idea
- [ ] Ensure the tests and linter pass
- [ ] Code coverage does not decrease (if any source code was changed)
- [ ] Appropriate docs were updated (if necessary)

Fixes #<issue_number_goes_here> 🦕
diff --git a/docs/dyn/servicemanagement_v1.services.html b/docs/dyn/servicemanagement_v1.services.html
index b001510..36b3e13 100644
--- a/docs/dyn/servicemanagement_v1.services.html
+++ b/docs/dyn/servicemanagement_v1.services.html
@@ -108,13 +108,13 @@
   <code><a href="#get">get(serviceName, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets a managed service. Authentication is required unless the service is</p>
 <p class="toc_element">
-  <code><a href="#getConfig">getConfig(serviceName, configId=None, x__xgafv=None, view=None)</a></code></p>
+  <code><a href="#getConfig">getConfig(serviceName, configId=None, view=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets a service configuration (version) for a managed service.</p>
 <p class="toc_element">
   <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets the access control policy for a resource.</p>
 <p class="toc_element">
-  <code><a href="#list">list(producerProjectId=None, pageSize=None, pageToken=None, consumerId=None, x__xgafv=None)</a></code></p>
+  <code><a href="#list">list(consumerId=None, pageToken=None, pageSize=None, producerProjectId=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Lists managed services.</p>
 <p class="toc_element">
   <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
@@ -149,9 +149,9 @@
 
 { # The full representation of a Service that is managed by
     # Google Service Management.
-  "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+  &quot;producerProjectId&quot;: &quot;A String&quot;, # ID of the project that produces and owns this service.
+  &quot;serviceName&quot;: &quot;A String&quot;, # The name of the service. See the [overview](/service-management/overview)
       # for naming requirements.
-  "producerProjectId": "A String", # ID of the project that produces and owns this service.
 }
 
   x__xgafv: string, V1 error format.
@@ -164,34 +164,16 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
         # contains progress information and common metadata such as create time.
         # Some services might not provide such metadata.  Any method that returns a
         # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
         # available.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -199,11 +181,29 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+    },
   }</pre>
 </div>
 
@@ -229,34 +229,16 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
         # contains progress information and common metadata such as create time.
         # Some services might not provide such metadata.  Any method that returns a
         # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
         # available.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -264,11 +246,29 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+    },
   }</pre>
 </div>
 
@@ -287,12 +287,12 @@
     The object takes the form of:
 
 { # Request message for DisableService method.
-    "consumerId": "A String", # Required. The identity of consumer resource which service disablement will be
+    &quot;consumerId&quot;: &quot;A String&quot;, # Required. The identity of consumer resource which service disablement will be
         # applied to.
         # 
         # The Google Service Management implementation accepts the following
         # forms:
-        # - "project:&lt;project_id&gt;"
+        # - &quot;project:&lt;project_id&gt;&quot;
         # 
         # Note: this is made compatible with
         # google.api.servicecontrol.v1.Operation.consumer_id.
@@ -308,34 +308,16 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
         # contains progress information and common metadata such as create time.
         # Some services might not provide such metadata.  Any method that returns a
         # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
         # available.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -343,11 +325,29 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+    },
   }</pre>
 </div>
 
@@ -367,12 +367,12 @@
     The object takes the form of:
 
 { # Request message for EnableService method.
-    "consumerId": "A String", # Required. The identity of consumer resource which service enablement will be
+    &quot;consumerId&quot;: &quot;A String&quot;, # Required. The identity of consumer resource which service enablement will be
         # applied to.
         # 
         # The Google Service Management implementation accepts the following
         # forms:
-        # - "project:&lt;project_id&gt;"
+        # - &quot;project:&lt;project_id&gt;&quot;
         # 
         # Note: this is made compatible with
         # google.api.servicecontrol.v1.Operation.consumer_id.
@@ -388,34 +388,16 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
         # contains progress information and common metadata such as create time.
         # Some services might not provide such metadata.  Any method that returns a
         # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
         # available.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -423,11 +405,29 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+    },
   }</pre>
 </div>
 
@@ -450,19 +450,19 @@
     The object takes the form of:
 
 { # Request message for GenerateConfigReport method.
-    "newConfig": { # Required. Service configuration for which we want to generate the report.
+    &quot;oldConfig&quot;: { # Optional. Service configuration against which the comparison will be done.
         # For this version of API, the supported types are
         # google.api.servicemanagement.v1.ConfigRef,
         # google.api.servicemanagement.v1.ConfigSource,
         # and google.api.Service
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "oldConfig": { # Optional. Service configuration against which the comparison will be done.
+    &quot;newConfig&quot;: { # Required. Service configuration for which we want to generate the report.
         # For this version of API, the supported types are
         # google.api.servicemanagement.v1.ConfigRef,
         # google.api.servicemanagement.v1.ConfigSource,
         # and google.api.Service
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
   }
 
@@ -475,60 +475,60 @@
   An object of the form:
 
     { # Response message for GenerateConfigReport method.
-    "serviceName": "A String", # Name of the service this report belongs to.
-    "changeReports": [ # list of ChangeReport, each corresponding to comparison between two
+    &quot;changeReports&quot;: [ # list of ChangeReport, each corresponding to comparison between two
         # service configurations.
       { # Change report associated with a particular service configuration.
           #
           # It contains a list of ConfigChanges based on the comparison between
           # two service configurations.
-        "configChanges": [ # List of changes between two service configurations.
+        &quot;configChanges&quot;: [ # List of changes between two service configurations.
             # The changes will be alphabetically sorted based on the identifier
             # of each change.
             # A ConfigChange identifier is a dot separated path to the configuration.
-            # Example: visibility.rules[selector='LibraryService.CreateBook'].restriction
+            # Example: visibility.rules[selector=&#x27;LibraryService.CreateBook&#x27;].restriction
           { # Output generated from semantically comparing two versions of a service
               # configuration.
               #
               # Includes detailed information about a field that have changed with
               # applicable advice about potential consequences for the change, such as
               # backwards-incompatibility.
-            "advices": [ # Collection of advice provided for this change, useful for determining the
+            &quot;element&quot;: &quot;A String&quot;, # Object hierarchy path to the change, with levels separated by a &#x27;.&#x27;
+                # character. For repeated fields, an applicable unique identifier field is
+                # used for the index (usually selector, name, or id). For maps, the term
+                # &#x27;key&#x27; is used. If the field has no unique identifier, the numeric index
+                # is used.
+                # Examples:
+                # - visibility.rules[selector==&quot;google.LibraryService.ListBooks&quot;].restriction
+                # - quota.metric_rules[selector==&quot;google&quot;].metric_costs[key==&quot;reads&quot;].value
+                # - logging.producer_destinations[0]
+            &quot;oldValue&quot;: &quot;A String&quot;, # Value of the changed object in the old Service configuration,
+                # in JSON format. This field will not be populated if ChangeType == ADDED.
+            &quot;advices&quot;: [ # Collection of advice provided for this change, useful for determining the
                 # possible impact of this change.
               { # Generated advice about this change, used for providing more
                   # information about how a change will affect the existing service.
-                "description": "A String", # Useful description for why this advice was applied and what actions should
+                &quot;description&quot;: &quot;A String&quot;, # Useful description for why this advice was applied and what actions should
                     # be taken to mitigate any implied risks.
               },
             ],
-            "changeType": "A String", # The type for this change, either ADDED, REMOVED, or MODIFIED.
-            "newValue": "A String", # Value of the changed object in the new Service configuration,
+            &quot;newValue&quot;: &quot;A String&quot;, # Value of the changed object in the new Service configuration,
                 # in JSON format. This field will not be populated if ChangeType == REMOVED.
-            "oldValue": "A String", # Value of the changed object in the old Service configuration,
-                # in JSON format. This field will not be populated if ChangeType == ADDED.
-            "element": "A String", # Object hierarchy path to the change, with levels separated by a '.'
-                # character. For repeated fields, an applicable unique identifier field is
-                # used for the index (usually selector, name, or id). For maps, the term
-                # 'key' is used. If the field has no unique identifier, the numeric index
-                # is used.
-                # Examples:
-                # - visibility.rules[selector=="google.LibraryService.ListBooks"].restriction
-                # - quota.metric_rules[selector=="google"].metric_costs[key=="reads"].value
-                # - logging.producer_destinations[0]
+            &quot;changeType&quot;: &quot;A String&quot;, # The type for this change, either ADDED, REMOVED, or MODIFIED.
           },
         ],
       },
     ],
-    "id": "A String", # ID of the service configuration this report belongs to.
-    "diagnostics": [ # Errors / Linter warnings associated with the service definition this
+    &quot;id&quot;: &quot;A String&quot;, # ID of the service configuration this report belongs to.
+    &quot;diagnostics&quot;: [ # Errors / Linter warnings associated with the service definition this
         # report
         # belongs to.
       { # Represents a diagnostic message (error or warning)
-        "kind": "A String", # The kind of diagnostic information provided.
-        "message": "A String", # Message describing the error or warning.
-        "location": "A String", # File name and line number of the error or warning.
+        &quot;kind&quot;: &quot;A String&quot;, # The kind of diagnostic information provided.
+        &quot;message&quot;: &quot;A String&quot;, # Message describing the error or warning.
+        &quot;location&quot;: &quot;A String&quot;, # File name and line number of the error or warning.
       },
     ],
+    &quot;serviceName&quot;: &quot;A String&quot;, # Name of the service this report belongs to.
   }</pre>
 </div>
 
@@ -550,14 +550,14 @@
 
     { # The full representation of a Service that is managed by
       # Google Service Management.
-    "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+    &quot;producerProjectId&quot;: &quot;A String&quot;, # ID of the project that produces and owns this service.
+    &quot;serviceName&quot;: &quot;A String&quot;, # The name of the service. See the [overview](/service-management/overview)
         # for naming requirements.
-    "producerProjectId": "A String", # ID of the project that produces and owns this service.
   }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="getConfig">getConfig(serviceName, configId=None, x__xgafv=None, view=None)</code>
+    <code class="details" id="getConfig">getConfig(serviceName, configId=None, view=None, x__xgafv=None)</code>
   <pre>Gets a service configuration (version) for a managed service.
 
 Args:
@@ -567,12 +567,12 @@
 
 This field must be specified for the server to return all fields, including
 `SourceInfo`.
+  view: string, Specifies which parts of the Service Config should be returned in the
+response.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
       2 - v2 error format
-  view: string, Specifies which parts of the Service Config should be returned in the
-response.
 
 Returns:
   An object of the form:
@@ -597,240 +597,10 @@
       #         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
       #         issuer: https://securetoken.google.com
       #       rules:
-      #       - selector: "*"
+      #       - selector: &quot;*&quot;
       #         requirements:
       #           provider_id: google_calendar_auth
-    "control": { # Selects and configures the service controller used by the service.  The # Configuration for the service control plane.
-        # service controller handles features like abuse, quota, billing, logging,
-        # monitoring, etc.
-      "environment": "A String", # The service control environment to use. If empty, no control plane
-          # feature (like quota and billing) will be enabled.
-    },
-    "monitoredResources": [ # Defines the monitored resources used by this service. This is required
-        # by the Service.monitoring and Service.logging configurations.
-      { # An object that describes the schema of a MonitoredResource object using a
-          # type name and a set of labels.  For example, the monitored resource
-          # descriptor for Google Compute Engine VM instances has a type of
-          # `"gce_instance"` and specifies the use of the labels `"instance_id"` and
-          # `"zone"` to identify particular VM instances.
-          #
-          # Different APIs can support different monitored resource types. APIs generally
-          # provide a `list` method that returns the monitored resource descriptors used
-          # by the API.
-        "displayName": "A String", # Optional. A concise name for the monitored resource type that might be
-            # displayed in user interfaces. It should be a Title Cased Noun Phrase,
-            # without any article or other determiners. For example,
-            # `"Google Cloud SQL Database"`.
-        "description": "A String", # Optional. A detailed description of the monitored resource type that might
-            # be used in documentation.
-        "labels": [ # Required. A set of labels used to describe instances of this monitored
-            # resource type. For example, an individual Google Cloud SQL database is
-            # identified by values for the labels `"database_id"` and `"zone"`.
-          { # A description of a label.
-            "valueType": "A String", # The type of data that can be assigned to the label.
-            "description": "A String", # A human-readable description for the label.
-            "key": "A String", # The label key.
-          },
-        ],
-        "launchStage": "A String", # Optional. The launch stage of the monitored resource definition.
-        "type": "A String", # Required. The monitored resource type. For example, the type
-            # `"cloudsql_database"` represents databases in Google Cloud SQL.
-            # The maximum length of this value is 256 characters.
-        "name": "A String", # Optional. The resource name of the monitored resource descriptor:
-            # `"projects/{project_id}/monitoredResourceDescriptors/{type}"` where
-            # {type} is the value of the `type` field in this object and
-            # {project_id} is a project ID that provides API-specific context for
-            # accessing the type.  APIs that do not use project information can use the
-            # resource name format `"monitoredResourceDescriptors/{type}"`.
-      },
-    ],
-    "logs": [ # Defines the logs used by this service.
-      { # A description of a log type. Example in YAML format:
-          #
-          #     - name: library.googleapis.com/activity_history
-          #       description: The history of borrowing and returning library items.
-          #       display_name: Activity
-          #       labels:
-          #       - key: /customer_id
-          #         description: Identifier of a library customer
-        "labels": [ # The set of labels that are available to describe a specific log entry.
-            # Runtime requests that contain labels not specified here are
-            # considered invalid.
-          { # A description of a label.
-            "valueType": "A String", # The type of data that can be assigned to the label.
-            "description": "A String", # A human-readable description for the label.
-            "key": "A String", # The label key.
-          },
-        ],
-        "displayName": "A String", # The human-readable name for this log. This information appears on
-            # the user interface and should be concise.
-        "name": "A String", # The name of the log. It must be less than 512 characters long and can
-            # include the following characters: upper- and lower-case alphanumeric
-            # characters [A-Za-z0-9], and punctuation characters including
-            # slash, underscore, hyphen, period [/_-.].
-        "description": "A String", # A human-readable description of this log. This information appears in
-            # the documentation and can contain details.
-      },
-    ],
-    "systemParameters": { # ### System parameter configuration # System parameter configuration.
-        #
-        # A system parameter is a special kind of parameter defined by the API
-        # system, not by an individual API. It is typically mapped to an HTTP header
-        # and/or a URL query parameter. This configuration specifies which methods
-        # change the names of the system parameters.
-      "rules": [ # Define system parameters.
-          #
-          # The parameters defined here will override the default parameters
-          # implemented by the system. If this field is missing from the service
-          # config, default system parameters will be used. Default system parameters
-          # and names is implementation-dependent.
-          #
-          # Example: define api key for all methods
-          #
-          #     system_parameters
-          #       rules:
-          #         - selector: "*"
-          #           parameters:
-          #             - name: api_key
-          #               url_query_parameter: api_key
-          #
-          #
-          # Example: define 2 api key names for a specific method.
-          #
-          #     system_parameters
-          #       rules:
-          #         - selector: "/ListShelves"
-          #           parameters:
-          #             - name: api_key
-          #               http_header: Api-Key1
-          #             - name: api_key
-          #               http_header: Api-Key2
-          #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # Define a system parameter rule mapping system parameter definitions to
-            # methods.
-          "parameters": [ # Define parameters. Multiple names may be defined for a parameter.
-              # For a given method call, only one of them should be used. If multiple
-              # names are used the behavior is implementation-dependent.
-              # If none of the specified names are present the behavior is
-              # parameter-dependent.
-            { # Define a parameter's name and location. The parameter may be passed as either
-                # an HTTP header or a URL query parameter, and if both are passed the behavior
-                # is implementation-dependent.
-              "urlQueryParameter": "A String", # Define the URL query parameter name to use for the parameter. It is case
-                  # sensitive.
-              "httpHeader": "A String", # Define the HTTP header name to use for the parameter. It is case
-                  # insensitive.
-              "name": "A String", # Define the name of the parameter, such as "api_key" . It is case sensitive.
-            },
-          ],
-          "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
-              # methods in all APIs.
-              #
-              # Refer to selector for syntax details.
-        },
-      ],
-    },
-    "backend": { # `Backend` defines the backend configuration for a service. # API backend configuration.
-      "rules": [ # A list of API backend rules that apply to individual API methods.
-          #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # A backend rule provides configuration for an individual API element.
-          "jwtAudience": "A String", # The JWT audience is used when generating a JWT ID token for the backend.
-              # This ID token will be added in the HTTP "authorization" header, and sent
-              # to the backend.
-          "protocol": "A String", # The protocol used for sending a request to the backend.
-              # The supported values are "http/1.1" and "h2".
-              #
-              # The default value is inferred from the scheme in the
-              # address field:
-              #
-              #    SCHEME        PROTOCOL
-              #    http://       http/1.1
-              #    https://      http/1.1
-              #    grpc://       h2
-              #    grpcs://      h2
-              #
-              # For secure HTTP backends (https://) that support HTTP/2, set this field
-              # to "h2" for improved performance.
-              #
-              # Configuring this field to non-default values is only supported for secure
-              # HTTP backends. This field will be ignored for all other backends.
-              #
-              # See
-              # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
-              # for more details on the supported values.
-          "pathTranslation": "A String",
-          "minDeadline": 3.14, # Minimum deadline in seconds needed for this method. Calls having deadline
-              # value lower than this will be rejected.
-          "selector": "A String", # Selects the methods to which this rule applies.
-              #
-              # Refer to selector for syntax details.
-          "operationDeadline": 3.14, # The number of seconds to wait for the completion of a long running
-              # operation. The default is no deadline.
-          "deadline": 3.14, # The number of seconds to wait for a response from a request. The default
-              # varies based on the request protocol and deployment environment.
-          "disableAuth": True or False, # When disable_auth is true, a JWT ID token won't be generated and the
-              # original "Authorization" HTTP header will be preserved. If the header is
-              # used to carry the original token and is expected by the backend, this
-              # field must be set to true to preserve the header.
-          "address": "A String", # The address of the API backend.
-              #
-              # The scheme is used to determine the backend protocol and security.
-              # The following schemes are accepted:
-              #
-              #    SCHEME        PROTOCOL    SECURITY
-              #    http://       HTTP        None
-              #    https://      HTTP        TLS
-              #    grpc://       gRPC        None
-              #    grpcs://      gRPC        TLS
-              #
-              # It is recommended to explicitly include a scheme. Leaving out the scheme
-              # may cause constrasting behaviors across platforms.
-              #
-              # If the port is unspecified, the default is:
-              # - 80 for schemes without TLS
-              # - 443 for schemes with TLS
-              #
-              # For HTTP backends, use protocol
-              # to specify the protocol version.
-          "renameTo": "A String", # Unimplemented. Do not use.
-              #
-              # The new name the selected proto elements should be renamed to.
-              #
-              # The package, the service and the method can all be renamed.
-              # The backend server should implement the renamed proto. However, clients
-              # should call the original method, and ESF routes the traffic to the renamed
-              # method.
-              #
-              # HTTP clients should call the URL mapped to the original method.
-              # gRPC and Stubby clients should call the original method with package name.
-              #
-              # For legacy reasons, ESF allows Stubby clients to call with the
-              # short name (without the package name). However, for API Versioning(or
-              # multiple methods mapped to the same short name), all Stubby clients must
-              # call the method's full name with the package name, otherwise the first one
-              # (selector) wins.
-              #
-              # If this `rename_to` is specified with a trailing `*`, the `selector` must
-              # be specified with a trailing `*` as well. The all element short names
-              # matched by the `*` in the selector will be kept in the `rename_to`.
-              #
-              # For example,
-              #     rename_rules:
-              #     - selector: |-
-              #         google.example.library.v1.*
-              #       rename_to: google.example.library.*
-              #
-              # The selector matches `google.example.library.v1.Library.CreateShelf` and
-              # `google.example.library.v1.Library.CreateBook`, they will be renamed to
-              # `google.example.library.Library.CreateShelf` and
-              # `google.example.library.Library.CreateBook`. It essentially renames the
-              # proto package name section of the matched proto service and methods.
-        },
-      ],
-    },
-    "monitoring": { # Monitoring configuration of the service. # Monitoring configuration.
+    &quot;monitoring&quot;: { # Monitoring configuration of the service. # Monitoring configuration.
         #
         # The example below shows how to configure monitored resources and metrics
         # for monitoring. In the example, a monitored resource and two metrics are
@@ -867,23 +637,7 @@
         #         metrics:
         #         - library.googleapis.com/book/returned_count
         #         - library.googleapis.com/book/overdue_count
-      "producerDestinations": [ # Monitoring configurations for sending metrics to the producer project.
-          # There can be multiple producer destinations. A monitored resouce type may
-          # appear in multiple monitoring destinations if different aggregations are
-          # needed for different sets of metrics associated with that monitored
-          # resource type. A monitored resource and metric pair may only be used once
-          # in the Monitoring configuration.
-        { # Configuration of a specific monitoring destination (the producer project
-            # or the consumer project).
-          "monitoredResource": "A String", # The monitored resource type. The type must be defined in
-              # Service.monitored_resources section.
-          "metrics": [ # Types of the metrics to report to this monitoring destination.
-              # Each type must be defined in Service.metrics section.
-            "A String",
-          ],
-        },
-      ],
-      "consumerDestinations": [ # Monitoring configurations for sending metrics to the consumer project.
+      &quot;consumerDestinations&quot;: [ # Monitoring configurations for sending metrics to the consumer project.
           # There can be multiple consumer destinations. A monitored resouce type may
           # appear in multiple monitoring destinations if different aggregations are
           # needed for different sets of metrics associated with that monitored
@@ -891,306 +645,630 @@
           # in the Monitoring configuration.
         { # Configuration of a specific monitoring destination (the producer project
             # or the consumer project).
-          "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+          &quot;monitoredResource&quot;: &quot;A String&quot;, # The monitored resource type. The type must be defined in
               # Service.monitored_resources section.
-          "metrics": [ # Types of the metrics to report to this monitoring destination.
+          &quot;metrics&quot;: [ # Types of the metrics to report to this monitoring destination.
               # Each type must be defined in Service.metrics section.
-            "A String",
+            &quot;A String&quot;,
+          ],
+        },
+      ],
+      &quot;producerDestinations&quot;: [ # Monitoring configurations for sending metrics to the producer project.
+          # There can be multiple producer destinations. A monitored resouce type may
+          # appear in multiple monitoring destinations if different aggregations are
+          # needed for different sets of metrics associated with that monitored
+          # resource type. A monitored resource and metric pair may only be used once
+          # in the Monitoring configuration.
+        { # Configuration of a specific monitoring destination (the producer project
+            # or the consumer project).
+          &quot;monitoredResource&quot;: &quot;A String&quot;, # The monitored resource type. The type must be defined in
+              # Service.monitored_resources section.
+          &quot;metrics&quot;: [ # Types of the metrics to report to this monitoring destination.
+              # Each type must be defined in Service.metrics section.
+            &quot;A String&quot;,
           ],
         },
       ],
     },
-    "billing": { # Billing related configuration of the service. # Billing configuration.
+    &quot;systemTypes&quot;: [ # A list of all proto message types included in this API service.
+        # It serves similar purpose as [google.api.Service.types], except that
+        # these types are not needed by user-defined APIs. Therefore, they will not
+        # show up in the generated discovery doc. This field should only be used
+        # to define system APIs in ESF.
+      { # A protocol buffer message type.
+        &quot;options&quot;: [ # The protocol buffer options.
+          { # A protocol buffer option, which can be attached to a message, field,
+              # enumeration, etc.
+            &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                # should be used. If the value is an enum, it should be stored as an int32
+                # value using the google.protobuf.Int32Value type.
+              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+            },
+            &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                # For custom options, it should be the fully-qualified name. For example,
+                # `&quot;google.api.http&quot;`.
+          },
+        ],
+        &quot;fields&quot;: [ # The list of fields.
+          { # A single field of a message type.
+            &quot;defaultValue&quot;: &quot;A String&quot;, # The string value of the default value of this field. Proto2 syntax only.
+            &quot;name&quot;: &quot;A String&quot;, # The field name.
+            &quot;typeUrl&quot;: &quot;A String&quot;, # The field type URL, without the scheme, for message or enumeration
+                # types. Example: `&quot;type.googleapis.com/google.protobuf.Timestamp&quot;`.
+            &quot;number&quot;: 42, # The field number.
+            &quot;kind&quot;: &quot;A String&quot;, # The field type.
+            &quot;jsonName&quot;: &quot;A String&quot;, # The field JSON name.
+            &quot;options&quot;: [ # The protocol buffer options.
+              { # A protocol buffer option, which can be attached to a message, field,
+                  # enumeration, etc.
+                &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                    # should be used. If the value is an enum, it should be stored as an int32
+                    # value using the google.protobuf.Int32Value type.
+                  &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+                },
+                &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                    # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                    # For custom options, it should be the fully-qualified name. For example,
+                    # `&quot;google.api.http&quot;`.
+              },
+            ],
+            &quot;oneofIndex&quot;: 42, # The index of the field type in `Type.oneofs`, for message or enumeration
+                # types. The first type has index 1; zero means the type is not in the list.
+            &quot;packed&quot;: True or False, # Whether to use alternative packed wire representation.
+            &quot;cardinality&quot;: &quot;A String&quot;, # The field cardinality.
+          },
+        ],
+        &quot;name&quot;: &quot;A String&quot;, # The fully qualified message name.
+        &quot;oneofs&quot;: [ # The list of types appearing in `oneof` definitions in this type.
+          &quot;A String&quot;,
+        ],
+        &quot;syntax&quot;: &quot;A String&quot;, # The source syntax.
+        &quot;sourceContext&quot;: { # `SourceContext` represents information about the source of a # The source context.
+            # protobuf element, like the file in which it is defined.
+          &quot;fileName&quot;: &quot;A String&quot;, # The path-qualified name of the .proto file that contained the associated
+              # protobuf element.  For example: `&quot;google/protobuf/source_context.proto&quot;`.
+        },
+      },
+    ],
+    &quot;producerProjectId&quot;: &quot;A String&quot;, # The Google project that owns this service.
+    &quot;quota&quot;: { # Quota configuration helps to achieve fairness and budgeting in service # Quota configuration.
+        # usage.
+        #
+        # The metric based quota configuration works this way:
+        # - The service configuration defines a set of metrics.
+        # - For API calls, the quota.metric_rules maps methods to metrics with
+        #   corresponding costs.
+        # - The quota.limits defines limits on the metrics, which will be used for
+        #   quota checks at runtime.
+        #
+        # An example quota configuration in yaml format:
+        #
+        #    quota:
+        #      limits:
+        #
+        #      - name: apiWriteQpsPerProject
+        #        metric: library.googleapis.com/write_calls
+        #        unit: &quot;1/min/{project}&quot;  # rate limit for consumer projects
+        #        values:
+        #          STANDARD: 10000
+        #
+        #
+        #      # The metric rules bind all methods to the read_calls metric,
+        #      # except for the UpdateBook and DeleteBook methods. These two methods
+        #      # are mapped to the write_calls metric, with the UpdateBook method
+        #      # consuming at twice rate as the DeleteBook method.
+        #      metric_rules:
+        #      - selector: &quot;*&quot;
+        #        metric_costs:
+        #          library.googleapis.com/read_calls: 1
+        #      - selector: google.example.library.v1.LibraryService.UpdateBook
+        #        metric_costs:
+        #          library.googleapis.com/write_calls: 2
+        #      - selector: google.example.library.v1.LibraryService.DeleteBook
+        #        metric_costs:
+        #          library.googleapis.com/write_calls: 1
+        #
+        #  Corresponding Metric definition:
+        #
+        #      metrics:
+        #      - name: library.googleapis.com/read_calls
+        #        display_name: Read requests
+        #        metric_kind: DELTA
+        #        value_type: INT64
+        #
+        #      - name: library.googleapis.com/write_calls
+        #        display_name: Write requests
+        #        metric_kind: DELTA
+        #        value_type: INT64
+        #
+      &quot;limits&quot;: [ # List of `QuotaLimit` definitions for the service.
+        { # `QuotaLimit` defines a specific limit that applies over a specified duration
+            # for a limit type. There can be at most one limit for a duration and limit
+            # type combination defined within a `QuotaGroup`.
+          &quot;name&quot;: &quot;A String&quot;, # Name of the quota limit.
+              #
+              # The name must be provided, and it must be unique within the service. The
+              # name can only include alphanumeric characters as well as &#x27;-&#x27;.
+              #
+              # The maximum length of the limit name is 64 characters.
+          &quot;freeTier&quot;: &quot;A String&quot;, # Free tier value displayed in the Developers Console for this limit.
+              # The free tier is the number of tokens that will be subtracted from the
+              # billed amount when billing is enabled.
+              # This field can only be set on a limit with duration &quot;1d&quot;, in a billable
+              # group; it is invalid on any other limit. If this field is not set, it
+              # defaults to 0, indicating that there is no free tier for this service.
+              #
+              # Used by group-based quotas only.
+          &quot;duration&quot;: &quot;A String&quot;, # Duration of this limit in textual notation. Must be &quot;100s&quot; or &quot;1d&quot;.
+              #
+              # Used by group-based quotas only.
+          &quot;defaultLimit&quot;: &quot;A String&quot;, # Default number of tokens that can be consumed during the specified
+              # duration. This is the number of tokens assigned when a client
+              # application developer activates the service for his/her project.
+              #
+              # Specifying a value of 0 will block all requests. This can be used if you
+              # are provisioning quota to selected consumers and blocking others.
+              # Similarly, a value of -1 will indicate an unlimited quota. No other
+              # negative values are allowed.
+              #
+              # Used by group-based quotas only.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. User-visible, extended description for this quota limit.
+              # Should be used only when more context is needed to understand this limit
+              # than provided by the limit&#x27;s display name (see: `display_name`).
+          &quot;metric&quot;: &quot;A String&quot;, # The name of the metric this quota limit applies to. The quota limits with
+              # the same metric will be checked together during runtime. The metric must be
+              # defined within the service config.
+          &quot;displayName&quot;: &quot;A String&quot;, # User-visible display name for this limit.
+              # Optional. If not set, the UI will provide a default display name based on
+              # the quota configuration. This field can be used to override the default
+              # display name generated from the configuration.
+          &quot;values&quot;: { # Tiered limit values. You must specify this as a key:value pair, with an
+              # integer value that is the maximum number of requests allowed for the
+              # specified unit. Currently only STANDARD is supported.
+            &quot;a_key&quot;: &quot;A String&quot;,
+          },
+          &quot;unit&quot;: &quot;A String&quot;, # Specify the unit of the quota limit. It uses the same syntax as
+              # Metric.unit. The supported unit kinds are determined by the quota
+              # backend system.
+              #
+              # Here are some examples:
+              # * &quot;1/min/{project}&quot; for quota per minute per project.
+              #
+              # Note: the order of unit components is insignificant.
+              # The &quot;1&quot; at the beginning is required to follow the metric unit syntax.
+          &quot;maxLimit&quot;: &quot;A String&quot;, # Maximum number of tokens that can be consumed during the specified
+              # duration. Client application developers can override the default limit up
+              # to this maximum. If specified, this value cannot be set to a value less
+              # than the default limit. If not specified, it is set to the default limit.
+              #
+              # To allow clients to apply overrides with no upper bound, set this to -1,
+              # indicating unlimited maximum quota.
+              #
+              # Used by group-based quotas only.
+        },
+      ],
+      &quot;metricRules&quot;: [ # List of `MetricRule` definitions, each one mapping a selected method to one
+          # or more metrics.
+        { # Bind API methods to metrics. Binding a method to a metric causes that
+            # metric&#x27;s configured quota behaviors to apply to the method call.
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies.
+              #
+              # Refer to selector for syntax details.
+          &quot;metricCosts&quot;: { # Metrics to update when the selected methods are called, and the associated
+              # cost applied to each metric.
+              #
+              # The key of the map is the metric name, and the values are the amount
+              # increased for the metric against which the quota limits are defined.
+              # The value must not be negative.
+            &quot;a_key&quot;: &quot;A String&quot;,
+          },
+        },
+      ],
+    },
+    &quot;name&quot;: &quot;A String&quot;, # The service name, which is a DNS-like logical identifier for the
+        # service, such as `calendar.googleapis.com`. The service name
+        # typically goes through DNS verification to make sure the owner
+        # of the service also owns the DNS name.
+    &quot;billing&quot;: { # Billing related configuration of the service. # Billing configuration.
         #
         # The following example shows how to configure monitored resources and metrics
-        # for billing:
+        # for billing, `consumer_destinations` is the only supported destination and
+        # the monitored resources need at least one label key
+        # `cloud.googleapis.com/location` to indicate the location of the billing
+        # usage, using different monitored resources between monitoring and billing is
+        # recommended so they can be evolved independently:
+        #
         #
         #     monitored_resources:
-        #     - type: library.googleapis.com/branch
+        #     - type: library.googleapis.com/billing_branch
         #       labels:
-        #       - key: /city
-        #         description: The city where the library branch is located in.
-        #       - key: /name
-        #         description: The name of the branch.
+        #       - key: cloud.googleapis.com/location
+        #         description: |
+        #           Predefined label to support billing location restriction.
+        #       - key: city
+        #         description: |
+        #           Custom label to define the city where the library branch is located
+        #           in.
+        #       - key: name
+        #         description: Custom label to define the name of the library branch.
         #     metrics:
         #     - name: library.googleapis.com/book/borrowed_count
         #       metric_kind: DELTA
         #       value_type: INT64
+        #       unit: &quot;1&quot;
         #     billing:
         #       consumer_destinations:
-        #       - monitored_resource: library.googleapis.com/branch
+        #       - monitored_resource: library.googleapis.com/billing_branch
         #         metrics:
         #         - library.googleapis.com/book/borrowed_count
-      "consumerDestinations": [ # Billing configurations for sending metrics to the consumer project.
+      &quot;consumerDestinations&quot;: [ # Billing configurations for sending metrics to the consumer project.
           # There can be multiple consumer destinations per service, each one must have
           # a different monitored resource type. A metric can be used in at most
           # one consumer destination.
         { # Configuration of a specific billing destination (Currently only support
             # bill against consumer project).
-          "metrics": [ # Names of the metrics to report to this billing destination.
-              # Each name must be defined in Service.metrics section.
-            "A String",
-          ],
-          "monitoredResource": "A String", # The monitored resource type. The type must be defined in
+          &quot;monitoredResource&quot;: &quot;A String&quot;, # The monitored resource type. The type must be defined in
               # Service.monitored_resources section.
+          &quot;metrics&quot;: [ # Names of the metrics to report to this billing destination.
+              # Each name must be defined in Service.metrics section.
+            &quot;A String&quot;,
+          ],
         },
       ],
     },
-    "title": "A String", # The product title for this service.
-    "id": "A String", # A unique ID for a specific instance of this message, typically assigned
-        # by the client for tracking purpose. Must be no longer than 63 characters
-        # and only lower case letters, digits, '.', '_' and '-' are allowed. If
-        # empty, the server may choose to generate one instead.
-    "authentication": { # `Authentication` defines the authentication configuration for an API. # Auth configuration.
+    &quot;customError&quot;: { # Customize service error responses.  For example, list any service # Custom error configuration.
+        # specific protobuf types that can appear in error detail lists of
+        # error responses.
         #
-        # Example for an API targeted for external use:
+        # Example:
         #
-        #     name: calendar.googleapis.com
-        #     authentication:
-        #       providers:
-        #       - id: google_calendar_auth
-        #         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
-        #         issuer: https://securetoken.google.com
-        #       rules:
-        #       - selector: "*"
-        #         requirements:
-        #           provider_id: google_calendar_auth
-      "rules": [ # A list of authentication rules that apply to individual API methods.
+        #     custom_error:
+        #       types:
+        #       - google.foo.v1.CustomError
+        #       - google.foo.v1.AnotherError
+      &quot;rules&quot;: [ # The list of custom error rules that apply to individual API messages.
           #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # Authentication rules for the service.
-            #
-            # By default, if a method has any authentication requirements, every request
-            # must include a valid credential matching one of the requirements.
-            # It's an error to include more than one kind of credential in a single
-            # request.
-            #
-            # If a method doesn't have any auth requirements, request credentials will be
-            # ignored.
-          "oauth": { # OAuth scopes are a way to define data and permissions on data. For example, # The requirements for OAuth credentials.
-              # there are scopes defined for "Read-only access to Google Calendar" and
-              # "Access to Cloud Platform". Users can consent to a scope for an application,
-              # giving it permission to access that data on their behalf.
-              #
-              # OAuth scope specifications should be fairly coarse grained; a user will need
-              # to see and understand the text description of what your scope means.
-              #
-              # In most cases: use one or at most two OAuth scopes for an entire family of
-              # products. If your product has multiple APIs, you should probably be sharing
-              # the OAuth scope across all of those APIs.
-              #
-              # When you need finer grained OAuth consent screens: talk with your product
-              # management about how developers will use them in practice.
-              #
-              # Please note that even though each of the canonical scopes is enough for a
-              # request to be accepted and passed to the backend, a request can still fail
-              # due to the backend requiring additional scopes or permissions.
-            "canonicalScopes": "A String", # The list of publicly documented OAuth scopes that are allowed access. An
-                # OAuth token containing any of these scopes will be accepted.
-                #
-                # Example:
-                #
-                #      canonical_scopes: https://www.googleapis.com/auth/calendar,
-                #                        https://www.googleapis.com/auth/calendar.read
-          },
-          "requirements": [ # Requirements for additional authentication providers.
-            { # User-defined authentication requirements, including support for
-                # [JSON Web Token
-                # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
-              "providerId": "A String", # id from authentication provider.
-                  #
-                  # Example:
-                  #
-                  #     provider_id: bookstore_auth
-              "audiences": "A String", # NOTE: This will be deprecated soon, once AuthProvider.audiences is
-                  # implemented and accepted in all the runtime components.
-                  #
-                  # The list of JWT
-                  # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
-                  # that are allowed to access. A JWT containing any of these audiences will
-                  # be accepted. When this setting is absent, only JWTs with audience
-                  # "https://Service_name/API_name"
-                  # will be accepted. For example, if no audiences are in the setting,
-                  # LibraryService API will only accept JWTs with the following audience
-                  # "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
-                  #
-                  # Example:
-                  #
-                  #     audiences: bookstore_android.apps.googleusercontent.com,
-                  #                bookstore_web.apps.googleusercontent.com
-            },
-          ],
-          "allowWithoutCredential": True or False, # If true, the service accepts API keys without any other credential.
-          "selector": "A String", # Selects the methods to which this rule applies.
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # A custom error rule.
+          &quot;isErrorType&quot;: True or False, # Mark this message as possible payload in error response.  Otherwise,
+              # objects of this type will be filtered when they appear in error payload.
+          &quot;selector&quot;: &quot;A String&quot;, # Selects messages to which this rule applies.
               #
               # Refer to selector for syntax details.
         },
       ],
-      "providers": [ # Defines a set of authentication providers that a service supports.
-        { # Configuration for an authentication provider, including support for
-            # [JSON Web Token
-            # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
-          "jwtLocations": [ # Defines the locations to extract the JWT.
-              #
-              # JWT locations can be either from HTTP headers or URL query parameters.
-              # The rule is that the first match wins. The checking order is: checking
-              # all headers first, then URL query parameters.
-              #
-              # If not specified,  default to use following 3 locations:
-              #    1) Authorization: Bearer
-              #    2) x-goog-iap-jwt-assertion
-              #    3) access_token query parameter
-              #
-              # Default locations can be specified as followings:
-              #    jwt_locations:
-              #    - header: Authorization
-              #      value_prefix: "Bearer "
-              #    - header: x-goog-iap-jwt-assertion
-              #    - query: access_token
-            { # Specifies a location to extract JWT from an API request.
-              "query": "A String", # Specifies URL query parameter name to extract JWT token.
-              "valuePrefix": "A String", # The value prefix. The value format is "value_prefix{token}"
-                  # Only applies to "in" header type. Must be empty for "in" query type.
-                  # If not empty, the header value has to match (case sensitive) this prefix.
-                  # If not matched, JWT will not be extracted. If matched, JWT will be
-                  # extracted after the prefix is removed.
-                  #
-                  # For example, for "Authorization: Bearer {JWT}",
-                  # value_prefix="Bearer " with a space at the end.
-              "header": "A String", # Specifies HTTP header name to extract JWT token.
-            },
-          ],
-          "audiences": "A String", # The list of JWT
-              # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
-              # that are allowed to access. A JWT containing any of these audiences will
-              # be accepted. When this setting is absent, JWTs with audiences:
-              #   - "https://[service.name]/[google.protobuf.Api.name]"
-              #   - "https://[service.name]/"
-              # will be accepted.
-              # For example, if no audiences are in the setting, LibraryService API will
-              # accept JWTs with the following audiences:
-              #   -
-              #   https://library-example.googleapis.com/google.example.library.v1.LibraryService
-              #   - https://library-example.googleapis.com/
-              #
-              # Example:
-              #
-              #     audiences: bookstore_android.apps.googleusercontent.com,
-              #                bookstore_web.apps.googleusercontent.com
-          "jwksUri": "A String", # URL of the provider's public key set to validate signature of the JWT. See
-              # [OpenID
-              # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
-              # Optional if the key set document:
-              #  - can be retrieved from
-              #    [OpenID
-              #    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of
-              #    the issuer.
-              #  - can be inferred from the email domain of the issuer (e.g. a Google
-              #  service account).
-              #
-              # Example: https://www.googleapis.com/oauth2/v1/certs
-          "id": "A String", # The unique identifier of the auth provider. It will be referred to by
-              # `AuthRequirement.provider_id`.
-              #
-              # Example: "bookstore_auth".
-          "authorizationUrl": "A String", # Redirect URL if JWT token is required but not present or is expired.
-              # Implement authorizationUrl of securityDefinitions in OpenAPI spec.
-          "issuer": "A String", # Identifies the principal that issued the JWT. See
-              # https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
-              # Usually a URL or an email address.
-              #
-              # Example: https://securetoken.google.com
-              # Example: 1234567-compute@developer.gserviceaccount.com
-        },
+      &quot;types&quot;: [ # The list of custom error detail types, e.g. &#x27;google.foo.v1.CustomError&#x27;.
+        &quot;A String&quot;,
       ],
     },
-    "usage": { # Configuration controlling usage of a service. # Configuration controlling usage of this service.
-      "rules": [ # A list of usage rules that apply to individual API methods.
+    &quot;title&quot;: &quot;A String&quot;, # The product title for this service.
+    &quot;endpoints&quot;: [ # Configuration for network endpoints.  If this is empty, then an endpoint
+        # with the same name as the service is automatically generated to service all
+        # defined APIs.
+      { # `Endpoint` describes a network endpoint that serves a set of APIs.
+          # A service may expose any number of endpoints, and all endpoints share the
+          # same service configuration, such as quota configuration and monitoring
+          # configuration.
           #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # Usage configuration rules for the service.
-            #
-            # NOTE: Under development.
-            #
-            #
-            # Use this rule to configure unregistered calls for the service. Unregistered
-            # calls are calls that do not contain consumer project identity.
-            # (Example: calls that do not contain an API key).
-            # By default, API methods do not allow unregistered calls, and each method call
-            # must be identified by a consumer project identity. Use this rule to
-            # allow/disallow unregistered calls.
-            #
-            # Example of an API that wants to allow unregistered calls for entire service.
-            #
-            #     usage:
-            #       rules:
-            #       - selector: "*"
-            #         allow_unregistered_calls: true
-            #
-            # Example of a method that wants to allow unregistered calls.
-            #
-            #     usage:
-            #       rules:
-            #       - selector: "google.example.library.v1.LibraryService.CreateBook"
-            #         allow_unregistered_calls: true
-          "selector": "A String", # Selects the methods to which this rule applies. Use '*' to indicate all
-              # methods in all APIs.
-              #
-              # Refer to selector for syntax details.
-          "skipServiceControl": True or False, # If true, the selected method should skip service control and the control
-              # plane features, such as quota and billing, will not be available.
-              # This flag is used by Google Cloud Endpoints to bypass checks for internal
-              # methods, such as service health check methods.
-          "allowUnregisteredCalls": True or False, # If true, the selected method allows unregistered calls, e.g. calls
-              # that don't identify any user or application.
-        },
-      ],
-      "serviceIdentity": { # The per-product per-project service identity for a service. # The configuration of a per-product per-project service identity.
+          # Example service configuration:
           #
-          #
-          # Use this field to configure per-product per-project service identity.
-          # Example of a service identity configuration.
-          #
-          #     usage:
-          #       service_identity:
-          #       - service_account_parent: "projects/123456789"
-          #         display_name: "Cloud XXX Service Agent"
-          #         description: "Used as the identity of Cloud XXX to access resources"
-        "displayName": "A String", # Optional. A user-specified name for the service account.
-            # Must be less than or equal to 100 UTF-8 bytes.
-        "description": "A String", # Optional. A user-specified opaque description of the service account.
-            # Must be less than or equal to 256 UTF-8 bytes.
-        "serviceAccountParent": "A String", # A service account project that hosts the service accounts.
+          #     name: library-example.googleapis.com
+          #     endpoints:
+          #       # Below entry makes &#x27;google.example.library.v1.Library&#x27;
+          #       # API be served from endpoint address library-example.googleapis.com.
+          #       # It also allows HTTP OPTIONS calls to be passed to the backend, for
+          #       # it to decide whether the subsequent cross-origin request is
+          #       # allowed to proceed.
+          #     - name: library-example.googleapis.com
+          #       allow_cors: true
+        &quot;aliases&quot;: [ # DEPRECATED: This field is no longer supported. Instead of using aliases,
+            # please specify multiple google.api.Endpoint for each of the intended
+            # aliases.
             #
-            # An example name would be:
-            # `projects/123456789`
+            # Additional names that this endpoint will be hosted on.
+          &quot;A String&quot;,
+        ],
+        &quot;features&quot;: [ # The list of features enabled on this endpoint.
+          &quot;A String&quot;,
+        ],
+        &quot;allowCors&quot;: True or False, # Allowing
+            # [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka
+            # cross-domain traffic, would allow the backends served from this endpoint to
+            # receive and respond to HTTP OPTIONS requests. The response will be used by
+            # the browser to determine whether the subsequent cross-origin request is
+            # allowed to proceed.
+        &quot;name&quot;: &quot;A String&quot;, # The canonical name of this endpoint.
+        &quot;target&quot;: &quot;A String&quot;, # The specification of an Internet routable address of API frontend that will
+            # handle requests to this [API
+            # Endpoint](https://cloud.google.com/apis/design/glossary). It should be
+            # either a valid IPv4 address or a fully-qualified domain name. For example,
+            # &quot;8.8.8.8&quot; or &quot;myservice.appspot.com&quot;.
       },
-      "producerNotificationChannel": "A String", # The full resource name of a channel used for sending notifications to the
-          # service producer.
+    ],
+    &quot;logs&quot;: [ # Defines the logs used by this service.
+      { # A description of a log type. Example in YAML format:
           #
-          # Google Service Management currently only supports
-          # [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification
-          # channel. To use Google Cloud Pub/Sub as the channel, this must be the name
-          # of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
-          # documented in https://cloud.google.com/pubsub/docs/overview.
-      "requirements": [ # Requirements that must be satisfied before a consumer project can use the
-          # service. Each requirement is of the form &lt;service.name&gt;/&lt;requirement-id&gt;;
-          # for example 'serviceusage.googleapis.com/billing-enabled'.
-        "A String",
+          #     - name: library.googleapis.com/activity_history
+          #       description: The history of borrowing and returning library items.
+          #       display_name: Activity
+          #       labels:
+          #       - key: /customer_id
+          #         description: Identifier of a library customer
+        &quot;labels&quot;: [ # The set of labels that are available to describe a specific log entry.
+            # Runtime requests that contain labels not specified here are
+            # considered invalid.
+          { # A description of a label.
+            &quot;key&quot;: &quot;A String&quot;, # The label key.
+            &quot;description&quot;: &quot;A String&quot;, # A human-readable description for the label.
+            &quot;valueType&quot;: &quot;A String&quot;, # The type of data that can be assigned to the label.
+          },
+        ],
+        &quot;name&quot;: &quot;A String&quot;, # The name of the log. It must be less than 512 characters long and can
+            # include the following characters: upper- and lower-case alphanumeric
+            # characters [A-Za-z0-9], and punctuation characters including
+            # slash, underscore, hyphen, period [/_-.].
+        &quot;description&quot;: &quot;A String&quot;, # A human-readable description of this log. This information appears in
+            # the documentation and can contain details.
+        &quot;displayName&quot;: &quot;A String&quot;, # The human-readable name for this log. This information appears on
+            # the user interface and should be concise.
+      },
+    ],
+    &quot;apis&quot;: [ # A list of API interfaces exported by this service. Only the `name` field
+        # of the google.protobuf.Api needs to be provided by the configuration
+        # author, as the remaining fields will be derived from the IDL during the
+        # normalization process. It is an error to specify an API interface here
+        # which cannot be resolved against the associated IDL files.
+      { # Api is a light-weight descriptor for an API Interface.
+          #
+          # Interfaces are also described as &quot;protocol buffer services&quot; in some contexts,
+          # such as by the &quot;service&quot; keyword in a .proto file, but they are different
+          # from API Services, which represent a concrete implementation of an interface
+          # as opposed to simply a description of methods and bindings. They are also
+          # sometimes simply referred to as &quot;APIs&quot; in other contexts, such as the name of
+          # this message itself. See https://cloud.google.com/apis/design/glossary for
+          # detailed terminology.
+        &quot;options&quot;: [ # Any metadata attached to the interface.
+          { # A protocol buffer option, which can be attached to a message, field,
+              # enumeration, etc.
+            &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                # should be used. If the value is an enum, it should be stored as an int32
+                # value using the google.protobuf.Int32Value type.
+              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+            },
+            &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                # For custom options, it should be the fully-qualified name. For example,
+                # `&quot;google.api.http&quot;`.
+          },
+        ],
+        &quot;methods&quot;: [ # The methods of this interface, in unspecified order.
+          { # Method represents a method of an API interface.
+            &quot;responseTypeUrl&quot;: &quot;A String&quot;, # The URL of the output message type.
+            &quot;options&quot;: [ # Any metadata attached to the method.
+              { # A protocol buffer option, which can be attached to a message, field,
+                  # enumeration, etc.
+                &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                    # should be used. If the value is an enum, it should be stored as an int32
+                    # value using the google.protobuf.Int32Value type.
+                  &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+                },
+                &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                    # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                    # For custom options, it should be the fully-qualified name. For example,
+                    # `&quot;google.api.http&quot;`.
+              },
+            ],
+            &quot;responseStreaming&quot;: True or False, # If true, the response is streamed.
+            &quot;name&quot;: &quot;A String&quot;, # The simple name of this method.
+            &quot;requestTypeUrl&quot;: &quot;A String&quot;, # A URL of the input message type.
+            &quot;requestStreaming&quot;: True or False, # If true, the request is streamed.
+            &quot;syntax&quot;: &quot;A String&quot;, # The source syntax of this method.
+          },
+        ],
+        &quot;name&quot;: &quot;A String&quot;, # The fully qualified name of this interface, including package name
+            # followed by the interface&#x27;s simple name.
+        &quot;sourceContext&quot;: { # `SourceContext` represents information about the source of a # Source context for the protocol buffer service represented by this
+            # message.
+            # protobuf element, like the file in which it is defined.
+          &quot;fileName&quot;: &quot;A String&quot;, # The path-qualified name of the .proto file that contained the associated
+              # protobuf element.  For example: `&quot;google/protobuf/source_context.proto&quot;`.
+        },
+        &quot;syntax&quot;: &quot;A String&quot;, # The source syntax of the service.
+        &quot;version&quot;: &quot;A String&quot;, # A version string for this interface. If specified, must have the form
+            # `major-version.minor-version`, as in `1.10`. If the minor version is
+            # omitted, it defaults to zero. If the entire version field is empty, the
+            # major version is derived from the package name, as outlined below. If the
+            # field is not empty, the version in the package name will be verified to be
+            # consistent with what is provided here.
+            #
+            # The versioning schema uses [semantic
+            # versioning](http://semver.org) where the major version number
+            # indicates a breaking change and the minor version an additive,
+            # non-breaking change. Both version numbers are signals to users
+            # what to expect from different versions, and should be carefully
+            # chosen based on the product plan.
+            #
+            # The major version is also reflected in the package name of the
+            # interface, which must end in `v&lt;major-version&gt;`, as in
+            # `google.feature.v1`. For major versions 0 and 1, the suffix can
+            # be omitted. Zero major versions must only be used for
+            # experimental, non-GA interfaces.
+        &quot;mixins&quot;: [ # Included interfaces. See Mixin.
+          { # Declares an API Interface to be included in this interface. The including
+              # interface must redeclare all the methods from the included interface, but
+              # documentation and options are inherited as follows:
+              #
+              # - If after comment and whitespace stripping, the documentation
+              #   string of the redeclared method is empty, it will be inherited
+              #   from the original method.
+              #
+              # - Each annotation belonging to the service config (http,
+              #   visibility) which is not set in the redeclared method will be
+              #   inherited.
+              #
+              # - If an http annotation is inherited, the path pattern will be
+              #   modified as follows. Any version prefix will be replaced by the
+              #   version of the including interface plus the root path if
+              #   specified.
+              #
+              # Example of a simple mixin:
+              #
+              #     package google.acl.v1;
+              #     service AccessControl {
+              #       // Get the underlying ACL object.
+              #       rpc GetAcl(GetAclRequest) returns (Acl) {
+              #         option (google.api.http).get = &quot;/v1/{resource=**}:getAcl&quot;;
+              #       }
+              #     }
+              #
+              #     package google.storage.v2;
+              #     service Storage {
+              #       //       rpc GetAcl(GetAclRequest) returns (Acl);
+              #
+              #       // Get a data record.
+              #       rpc GetData(GetDataRequest) returns (Data) {
+              #         option (google.api.http).get = &quot;/v2/{resource=**}&quot;;
+              #       }
+              #     }
+              #
+              # Example of a mixin configuration:
+              #
+              #     apis:
+              #     - name: google.storage.v2.Storage
+              #       mixins:
+              #       - name: google.acl.v1.AccessControl
+              #
+              # The mixin construct implies that all methods in `AccessControl` are
+              # also declared with same name and request/response types in
+              # `Storage`. A documentation generator or annotation processor will
+              # see the effective `Storage.GetAcl` method after inherting
+              # documentation and annotations as follows:
+              #
+              #     service Storage {
+              #       // Get the underlying ACL object.
+              #       rpc GetAcl(GetAclRequest) returns (Acl) {
+              #         option (google.api.http).get = &quot;/v2/{resource=**}:getAcl&quot;;
+              #       }
+              #       ...
+              #     }
+              #
+              # Note how the version in the path pattern changed from `v1` to `v2`.
+              #
+              # If the `root` field in the mixin is specified, it should be a
+              # relative path under which inherited HTTP paths are placed. Example:
+              #
+              #     apis:
+              #     - name: google.storage.v2.Storage
+              #       mixins:
+              #       - name: google.acl.v1.AccessControl
+              #         root: acls
+              #
+              # This implies the following inherited HTTP annotation:
+              #
+              #     service Storage {
+              #       // Get the underlying ACL object.
+              #       rpc GetAcl(GetAclRequest) returns (Acl) {
+              #         option (google.api.http).get = &quot;/v2/acls/{resource=**}:getAcl&quot;;
+              #       }
+              #       ...
+              #     }
+            &quot;name&quot;: &quot;A String&quot;, # The fully qualified name of the interface which is included.
+            &quot;root&quot;: &quot;A String&quot;, # If non-empty specifies a path under which inherited HTTP paths
+                # are rooted.
+          },
+        ],
+      },
+    ],
+    &quot;types&quot;: [ # A list of all proto message types included in this API service.
+        # Types referenced directly or indirectly by the `apis` are
+        # automatically included.  Messages which are not referenced but
+        # shall be included, such as types used by the `google.protobuf.Any` type,
+        # should be listed here by name. Example:
+        #
+        #     types:
+        #     - name: google.protobuf.Int32
+      { # A protocol buffer message type.
+        &quot;options&quot;: [ # The protocol buffer options.
+          { # A protocol buffer option, which can be attached to a message, field,
+              # enumeration, etc.
+            &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                # should be used. If the value is an enum, it should be stored as an int32
+                # value using the google.protobuf.Int32Value type.
+              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+            },
+            &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                # For custom options, it should be the fully-qualified name. For example,
+                # `&quot;google.api.http&quot;`.
+          },
+        ],
+        &quot;fields&quot;: [ # The list of fields.
+          { # A single field of a message type.
+            &quot;defaultValue&quot;: &quot;A String&quot;, # The string value of the default value of this field. Proto2 syntax only.
+            &quot;name&quot;: &quot;A String&quot;, # The field name.
+            &quot;typeUrl&quot;: &quot;A String&quot;, # The field type URL, without the scheme, for message or enumeration
+                # types. Example: `&quot;type.googleapis.com/google.protobuf.Timestamp&quot;`.
+            &quot;number&quot;: 42, # The field number.
+            &quot;kind&quot;: &quot;A String&quot;, # The field type.
+            &quot;jsonName&quot;: &quot;A String&quot;, # The field JSON name.
+            &quot;options&quot;: [ # The protocol buffer options.
+              { # A protocol buffer option, which can be attached to a message, field,
+                  # enumeration, etc.
+                &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                    # should be used. If the value is an enum, it should be stored as an int32
+                    # value using the google.protobuf.Int32Value type.
+                  &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+                },
+                &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                    # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                    # For custom options, it should be the fully-qualified name. For example,
+                    # `&quot;google.api.http&quot;`.
+              },
+            ],
+            &quot;oneofIndex&quot;: 42, # The index of the field type in `Type.oneofs`, for message or enumeration
+                # types. The first type has index 1; zero means the type is not in the list.
+            &quot;packed&quot;: True or False, # Whether to use alternative packed wire representation.
+            &quot;cardinality&quot;: &quot;A String&quot;, # The field cardinality.
+          },
+        ],
+        &quot;name&quot;: &quot;A String&quot;, # The fully qualified message name.
+        &quot;oneofs&quot;: [ # The list of types appearing in `oneof` definitions in this type.
+          &quot;A String&quot;,
+        ],
+        &quot;syntax&quot;: &quot;A String&quot;, # The source syntax.
+        &quot;sourceContext&quot;: { # `SourceContext` represents information about the source of a # The source context.
+            # protobuf element, like the file in which it is defined.
+          &quot;fileName&quot;: &quot;A String&quot;, # The path-qualified name of the .proto file that contained the associated
+              # protobuf element.  For example: `&quot;google/protobuf/source_context.proto&quot;`.
+        },
+      },
+    ],
+    &quot;sourceInfo&quot;: { # Source information used to create a Service Config # Output only. The source information for this configuration if available.
+      &quot;sourceFiles&quot;: [ # All files used during config generation.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
       ],
     },
-    "configVersion": 42, # The semantic version of the service configuration. The config version
-        # affects the interpretation of the service configuration. For example,
-        # certain features are enabled by default for certain config versions.
-        #
-        # The latest config version is `3`.
-    "producerProjectId": "A String", # The Google project that owns this service.
-    "http": { # Defines the HTTP configuration for an API service. It contains a list of # HTTP configuration.
+    &quot;http&quot;: { # Defines the HTTP configuration for an API service. It contains a list of # HTTP configuration.
         # HttpRule, each specifying the mapping of an RPC method
         # to one or more HTTP REST API methods.
-      "rules": [ # A list of HTTP configuration rules that apply to individual API methods.
+      &quot;fullyDecodeReservedExpansion&quot;: True or False, # When set to true, URL path parameters will be fully URI-decoded except in
+          # cases of single segment matches in reserved expansion, where &quot;%2F&quot; will be
+          # left encoded.
           #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
+          # The default behavior is to not decode RFC 6570 reserved characters in multi
+          # segment matches.
+      &quot;rules&quot;: [ # A list of HTTP configuration rules that apply to individual API methods.
+          #
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
         { # # gRPC Transcoding
             #
             # gRPC Transcoding is a feature for mapping between a gRPC method and one or
@@ -1219,7 +1297,7 @@
             #     service Messaging {
             #       rpc GetMessage(GetMessageRequest) returns (Message) {
             #         option (google.api.http) = {
-            #             get: "/v1/{name=messages/*}"
+            #             get: &quot;/v1/{name=messages/*}&quot;
             #         };
             #       }
             #     }
@@ -1234,7 +1312,7 @@
             #
             # HTTP | gRPC
             # -----|-----
-            # `GET /v1/messages/123456`  | `GetMessage(name: "messages/123456")`
+            # `GET /v1/messages/123456`  | `GetMessage(name: &quot;messages/123456&quot;)`
             #
             # Any fields in the request message which are not bound by the path template
             # automatically become HTTP query parameters if there is no HTTP request body.
@@ -1243,7 +1321,7 @@
             #     service Messaging {
             #       rpc GetMessage(GetMessageRequest) returns (Message) {
             #         option (google.api.http) = {
-            #             get:"/v1/messages/{message_id}"
+            #             get:&quot;/v1/messages/{message_id}&quot;
             #         };
             #       }
             #     }
@@ -1261,8 +1339,8 @@
             # HTTP | gRPC
             # -----|-----
             # `GET /v1/messages/123456?revision=2&amp;sub.subfield=foo` |
-            # `GetMessage(message_id: "123456" revision: 2 sub: SubMessage(subfield:
-            # "foo"))`
+            # `GetMessage(message_id: &quot;123456&quot; revision: 2 sub: SubMessage(subfield:
+            # &quot;foo&quot;))`
             #
             # Note that fields which are mapped to URL query parameters must have a
             # primitive type or a repeated primitive type or a non-repeated message type.
@@ -1278,8 +1356,8 @@
             #     service Messaging {
             #       rpc UpdateMessage(UpdateMessageRequest) returns (Message) {
             #         option (google.api.http) = {
-            #           patch: "/v1/messages/{message_id}"
-            #           body: "message"
+            #           patch: &quot;/v1/messages/{message_id}&quot;
+            #           body: &quot;message&quot;
             #         };
             #       }
             #     }
@@ -1294,8 +1372,8 @@
             #
             # HTTP | gRPC
             # -----|-----
-            # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
-            # "123456" message { text: "Hi!" })`
+            # `PATCH /v1/messages/123456 { &quot;text&quot;: &quot;Hi!&quot; }` | `UpdateMessage(message_id:
+            # &quot;123456&quot; message { text: &quot;Hi!&quot; })`
             #
             # The special name `*` can be used in the body mapping to define that
             # every field not bound by the path template should be mapped to the
@@ -1305,8 +1383,8 @@
             #     service Messaging {
             #       rpc UpdateMessage(Message) returns (Message) {
             #         option (google.api.http) = {
-            #           patch: "/v1/messages/{message_id}"
-            #           body: "*"
+            #           patch: &quot;/v1/messages/{message_id}&quot;
+            #           body: &quot;*&quot;
             #         };
             #       }
             #     }
@@ -1320,14 +1398,14 @@
             #
             # HTTP | gRPC
             # -----|-----
-            # `PATCH /v1/messages/123456 { "text": "Hi!" }` | `UpdateMessage(message_id:
-            # "123456" text: "Hi!")`
+            # `PATCH /v1/messages/123456 { &quot;text&quot;: &quot;Hi!&quot; }` | `UpdateMessage(message_id:
+            # &quot;123456&quot; text: &quot;Hi!&quot;)`
             #
             # Note that when using `*` in the body mapping, it is not possible to
             # have HTTP parameters, as all fields not bound by the path end in
             # the body. This makes this option more rarely used in practice when
             # defining REST APIs. The common usage of `*` is in custom methods
-            # which don't use the URL at all for transferring data.
+            # which don&#x27;t use the URL at all for transferring data.
             #
             # It is possible to define multiple HTTP methods for one RPC by using
             # the `additional_bindings` option. Example:
@@ -1335,9 +1413,9 @@
             #     service Messaging {
             #       rpc GetMessage(GetMessageRequest) returns (Message) {
             #         option (google.api.http) = {
-            #           get: "/v1/messages/{message_id}"
+            #           get: &quot;/v1/messages/{message_id}&quot;
             #           additional_bindings {
-            #             get: "/v1/users/{user_id}/messages/{message_id}"
+            #             get: &quot;/v1/users/{user_id}/messages/{message_id}&quot;
             #           }
             #         };
             #       }
@@ -1351,9 +1429,9 @@
             #
             # HTTP | gRPC
             # -----|-----
-            # `GET /v1/messages/123456` | `GetMessage(message_id: "123456")`
-            # `GET /v1/users/me/messages/123456` | `GetMessage(user_id: "me" message_id:
-            # "123456")`
+            # `GET /v1/messages/123456` | `GetMessage(message_id: &quot;123456&quot;)`
+            # `GET /v1/users/me/messages/123456` | `GetMessage(user_id: &quot;me&quot; message_id:
+            # &quot;123456&quot;)`
             #
             # ## Rules for HTTP mapping
             #
@@ -1366,19 +1444,19 @@
             #      parameter name is the field path in the request message. A repeated
             #      field can be represented as multiple query parameters under the same
             #      name.
-            #  2. If HttpRule.body is "*", there is no URL query parameter, all fields
+            #  2. If HttpRule.body is &quot;*&quot;, there is no URL query parameter, all fields
             #     are passed via URL path and HTTP request body.
             #  3. If HttpRule.body is omitted, there is no HTTP request body, all
             #     fields are passed via URL path and URL query parameters.
             #
             # ### Path template syntax
             #
-            #     Template = "/" Segments [ Verb ] ;
-            #     Segments = Segment { "/" Segment } ;
-            #     Segment  = "*" | "**" | LITERAL | Variable ;
-            #     Variable = "{" FieldPath [ "=" Segments ] "}" ;
-            #     FieldPath = IDENT { "." IDENT } ;
-            #     Verb     = ":" LITERAL ;
+            #     Template = &quot;/&quot; Segments [ Verb ] ;
+            #     Segments = Segment { &quot;/&quot; Segment } ;
+            #     Segment  = &quot;*&quot; | &quot;**&quot; | LITERAL | Variable ;
+            #     Variable = &quot;{&quot; FieldPath [ &quot;=&quot; Segments ] &quot;}&quot; ;
+            #     FieldPath = IDENT { &quot;.&quot; IDENT } ;
+            #     Verb     = &quot;:&quot; LITERAL ;
             #
             # The syntax `*` matches a single URL path segment. The syntax `**` matches
             # zero or more URL path segments, which must be the last part of the URL path
@@ -1393,18 +1471,18 @@
             # contains any reserved character, such characters should be percent-encoded
             # before the matching.
             #
-            # If a variable contains exactly one path segment, such as `"{var}"` or
-            # `"{var=*}"`, when such a variable is expanded into a URL path on the client
+            # If a variable contains exactly one path segment, such as `&quot;{var}&quot;` or
+            # `&quot;{var=*}&quot;`, when such a variable is expanded into a URL path on the client
             # side, all characters except `[-_.~0-9a-zA-Z]` are percent-encoded. The
             # server side does the reverse decoding. Such variables show up in the
             # [Discovery
             # Document](https://developers.google.com/discovery/v1/reference/apis) as
             # `{var}`.
             #
-            # If a variable contains multiple path segments, such as `"{var=foo/*}"`
-            # or `"{var=**}"`, when such a variable is expanded into a URL path on the
+            # If a variable contains multiple path segments, such as `&quot;{var=foo/*}&quot;`
+            # or `&quot;{var=**}&quot;`, when such a variable is expanded into a URL path on the
             # client side, all characters except `[-_.~/0-9a-zA-Z]` are percent-encoded.
-            # The server side does the reverse decoding, except "%2F" and "%2f" are left
+            # The server side does the reverse decoding, except &quot;%2F&quot; and &quot;%2f&quot; are left
             # unchanged. Such variables show up in the
             # [Discovery
             # Document](https://developers.google.com/discovery/v1/reference/apis) as
@@ -1450,8 +1528,8 @@
             # The path variables **must not** refer to any repeated or mapped field,
             # because client libraries are not capable of handling such variable expansion.
             #
-            # The path variables **must not** capture the leading "/" character. The reason
-            # is that the most common use case "{var}" does not capture the leading "/"
+            # The path variables **must not** capture the leading &quot;/&quot; character. The reason
+            # is that the most common use case &quot;{var}&quot; does not capture the leading &quot;/&quot;
             # character. For consistency, all path variables must share the same behavior.
             #
             # Repeated message fields must not be mapped to URL query parameters, because
@@ -1460,429 +1538,644 @@
             # If an API needs to use a JSON array for request or response body, it can map
             # the request or response body to a repeated field. However, some gRPC
             # Transcoding implementations may not support this feature.
-          "body": "A String", # The name of the request field whose value is mapped to the HTTP request
-              # body, or `*` for mapping all request fields not captured by the path
-              # pattern to the HTTP body, or omitted for not having any HTTP request body.
-              #
-              # NOTE: the referred field must be present at the top-level of the request
-              # message type.
-          "get": "A String", # Maps to HTTP GET. Used for listing and getting information about
-              # resources.
-          "additionalBindings": [ # Additional HTTP bindings for the selector. Nested bindings must
+          &quot;delete&quot;: &quot;A String&quot;, # Maps to HTTP DELETE. Used for deleting a resource.
+          &quot;additionalBindings&quot;: [ # Additional HTTP bindings for the selector. Nested bindings must
               # not contain an `additional_bindings` field themselves (that is,
               # the nesting may only be one level deep).
             # Object with schema name: HttpRule
           ],
-          "selector": "A String", # Selects a method to which this rule applies.
-              #
-              # Refer to selector for syntax details.
-          "responseBody": "A String", # Optional. The name of the response field whose value is mapped to the HTTP
+          &quot;responseBody&quot;: &quot;A String&quot;, # Optional. The name of the response field whose value is mapped to the HTTP
               # response body. When omitted, the entire response message will be used
               # as the HTTP response body.
               #
               # NOTE: The referred field must be present at the top-level of the response
               # message type.
-          "allowHalfDuplex": True or False, # When this flag is set to true, HTTP requests will be allowed to invoke a
-              # half-duplex streaming method.
-          "put": "A String", # Maps to HTTP PUT. Used for replacing a resource.
-          "patch": "A String", # Maps to HTTP PATCH. Used for updating a resource.
-          "post": "A String", # Maps to HTTP POST. Used for creating a resource or performing an action.
-          "custom": { # A custom pattern is used for defining custom HTTP verb. # The custom pattern is used for specifying an HTTP method that is not
-              # included in the `pattern` field, such as HEAD, or "*" to leave the
+          &quot;body&quot;: &quot;A String&quot;, # The name of the request field whose value is mapped to the HTTP request
+              # body, or `*` for mapping all request fields not captured by the path
+              # pattern to the HTTP body, or omitted for not having any HTTP request body.
+              #
+              # NOTE: the referred field must be present at the top-level of the request
+              # message type.
+          &quot;selector&quot;: &quot;A String&quot;, # Selects a method to which this rule applies.
+              #
+              # Refer to selector for syntax details.
+          &quot;post&quot;: &quot;A String&quot;, # Maps to HTTP POST. Used for creating a resource or performing an action.
+          &quot;custom&quot;: { # A custom pattern is used for defining custom HTTP verb. # The custom pattern is used for specifying an HTTP method that is not
+              # included in the `pattern` field, such as HEAD, or &quot;*&quot; to leave the
               # HTTP method unspecified for this rule. The wild-card rule is useful
               # for services that provide content to Web (HTML) clients.
-            "path": "A String", # The path matched by this custom verb.
-            "kind": "A String", # The name of this custom HTTP verb.
+            &quot;kind&quot;: &quot;A String&quot;, # The name of this custom HTTP verb.
+            &quot;path&quot;: &quot;A String&quot;, # The path matched by this custom verb.
           },
-          "delete": "A String", # Maps to HTTP DELETE. Used for deleting a resource.
+          &quot;patch&quot;: &quot;A String&quot;, # Maps to HTTP PATCH. Used for updating a resource.
+          &quot;get&quot;: &quot;A String&quot;, # Maps to HTTP GET. Used for listing and getting information about
+              # resources.
+          &quot;allowHalfDuplex&quot;: True or False, # When this flag is set to true, HTTP requests will be allowed to invoke a
+              # half-duplex streaming method.
+          &quot;put&quot;: &quot;A String&quot;, # Maps to HTTP PUT. Used for replacing a resource.
         },
       ],
-      "fullyDecodeReservedExpansion": True or False, # When set to true, URL path parameters will be fully URI-decoded except in
-          # cases of single segment matches in reserved expansion, where "%2F" will be
-          # left encoded.
-          #
-          # The default behavior is to not decode RFC 6570 reserved characters in multi
-          # segment matches.
     },
-    "apis": [ # A list of API interfaces exported by this service. Only the `name` field
-        # of the google.protobuf.Api needs to be provided by the configuration
-        # author, as the remaining fields will be derived from the IDL during the
-        # normalization process. It is an error to specify an API interface here
-        # which cannot be resolved against the associated IDL files.
-      { # Api is a light-weight descriptor for an API Interface.
+    &quot;systemParameters&quot;: { # ### System parameter configuration # System parameter configuration.
+        #
+        # A system parameter is a special kind of parameter defined by the API
+        # system, not by an individual API. It is typically mapped to an HTTP header
+        # and/or a URL query parameter. This configuration specifies which methods
+        # change the names of the system parameters.
+      &quot;rules&quot;: [ # Define system parameters.
           #
-          # Interfaces are also described as "protocol buffer services" in some contexts,
-          # such as by the "service" keyword in a .proto file, but they are different
-          # from API Services, which represent a concrete implementation of an interface
-          # as opposed to simply a description of methods and bindings. They are also
-          # sometimes simply referred to as "APIs" in other contexts, such as the name of
-          # this message itself. See https://cloud.google.com/apis/design/glossary for
-          # detailed terminology.
-        "name": "A String", # The fully qualified name of this interface, including package name
-            # followed by the interface's simple name.
-        "sourceContext": { # `SourceContext` represents information about the source of a # Source context for the protocol buffer service represented by this
-            # message.
-            # protobuf element, like the file in which it is defined.
-          "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
-              # protobuf element.  For example: `"google/protobuf/source_context.proto"`.
-        },
-        "mixins": [ # Included interfaces. See Mixin.
-          { # Declares an API Interface to be included in this interface. The including
-              # interface must redeclare all the methods from the included interface, but
-              # documentation and options are inherited as follows:
-              #
-              # - If after comment and whitespace stripping, the documentation
-              #   string of the redeclared method is empty, it will be inherited
-              #   from the original method.
-              #
-              # - Each annotation belonging to the service config (http,
-              #   visibility) which is not set in the redeclared method will be
-              #   inherited.
-              #
-              # - If an http annotation is inherited, the path pattern will be
-              #   modified as follows. Any version prefix will be replaced by the
-              #   version of the including interface plus the root path if
-              #   specified.
-              #
-              # Example of a simple mixin:
-              #
-              #     package google.acl.v1;
-              #     service AccessControl {
-              #       // Get the underlying ACL object.
-              #       rpc GetAcl(GetAclRequest) returns (Acl) {
-              #         option (google.api.http).get = "/v1/{resource=**}:getAcl";
-              #       }
-              #     }
-              #
-              #     package google.storage.v2;
-              #     service Storage {
-              #       //       rpc GetAcl(GetAclRequest) returns (Acl);
-              #
-              #       // Get a data record.
-              #       rpc GetData(GetDataRequest) returns (Data) {
-              #         option (google.api.http).get = "/v2/{resource=**}";
-              #       }
-              #     }
-              #
-              # Example of a mixin configuration:
-              #
-              #     apis:
-              #     - name: google.storage.v2.Storage
-              #       mixins:
-              #       - name: google.acl.v1.AccessControl
-              #
-              # The mixin construct implies that all methods in `AccessControl` are
-              # also declared with same name and request/response types in
-              # `Storage`. A documentation generator or annotation processor will
-              # see the effective `Storage.GetAcl` method after inherting
-              # documentation and annotations as follows:
-              #
-              #     service Storage {
-              #       // Get the underlying ACL object.
-              #       rpc GetAcl(GetAclRequest) returns (Acl) {
-              #         option (google.api.http).get = "/v2/{resource=**}:getAcl";
-              #       }
-              #       ...
-              #     }
-              #
-              # Note how the version in the path pattern changed from `v1` to `v2`.
-              #
-              # If the `root` field in the mixin is specified, it should be a
-              # relative path under which inherited HTTP paths are placed. Example:
-              #
-              #     apis:
-              #     - name: google.storage.v2.Storage
-              #       mixins:
-              #       - name: google.acl.v1.AccessControl
-              #         root: acls
-              #
-              # This implies the following inherited HTTP annotation:
-              #
-              #     service Storage {
-              #       // Get the underlying ACL object.
-              #       rpc GetAcl(GetAclRequest) returns (Acl) {
-              #         option (google.api.http).get = "/v2/acls/{resource=**}:getAcl";
-              #       }
-              #       ...
-              #     }
-            "root": "A String", # If non-empty specifies a path under which inherited HTTP paths
-                # are rooted.
-            "name": "A String", # The fully qualified name of the interface which is included.
-          },
-        ],
-        "syntax": "A String", # The source syntax of the service.
-        "version": "A String", # A version string for this interface. If specified, must have the form
-            # `major-version.minor-version`, as in `1.10`. If the minor version is
-            # omitted, it defaults to zero. If the entire version field is empty, the
-            # major version is derived from the package name, as outlined below. If the
-            # field is not empty, the version in the package name will be verified to be
-            # consistent with what is provided here.
-            #
-            # The versioning schema uses [semantic
-            # versioning](http://semver.org) where the major version number
-            # indicates a breaking change and the minor version an additive,
-            # non-breaking change. Both version numbers are signals to users
-            # what to expect from different versions, and should be carefully
-            # chosen based on the product plan.
-            #
-            # The major version is also reflected in the package name of the
-            # interface, which must end in `v&lt;major-version&gt;`, as in
-            # `google.feature.v1`. For major versions 0 and 1, the suffix can
-            # be omitted. Zero major versions must only be used for
-            # experimental, non-GA interfaces.
-        "options": [ # Any metadata attached to the interface.
-          { # A protocol buffer option, which can be attached to a message, field,
-              # enumeration, etc.
-            "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                # For custom options, it should be the fully-qualified name. For example,
-                # `"google.api.http"`.
-            "value": { # The option's value packed in an Any message. If the value is a primitive,
-                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                # should be used. If the value is an enum, it should be stored as an int32
-                # value using the google.protobuf.Int32Value type.
-              "a_key": "", # Properties of the object. Contains field @type with type URL.
+          # The parameters defined here will override the default parameters
+          # implemented by the system. If this field is missing from the service
+          # config, default system parameters will be used. Default system parameters
+          # and names is implementation-dependent.
+          #
+          # Example: define api key for all methods
+          #
+          #     system_parameters
+          #       rules:
+          #         - selector: &quot;*&quot;
+          #           parameters:
+          #             - name: api_key
+          #               url_query_parameter: api_key
+          #
+          #
+          # Example: define 2 api key names for a specific method.
+          #
+          #     system_parameters
+          #       rules:
+          #         - selector: &quot;/ListShelves&quot;
+          #           parameters:
+          #             - name: api_key
+          #               http_header: Api-Key1
+          #             - name: api_key
+          #               http_header: Api-Key2
+          #
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # Define a system parameter rule mapping system parameter definitions to
+            # methods.
+          &quot;parameters&quot;: [ # Define parameters. Multiple names may be defined for a parameter.
+              # For a given method call, only one of them should be used. If multiple
+              # names are used the behavior is implementation-dependent.
+              # If none of the specified names are present the behavior is
+              # parameter-dependent.
+            { # Define a parameter&#x27;s name and location. The parameter may be passed as either
+                # an HTTP header or a URL query parameter, and if both are passed the behavior
+                # is implementation-dependent.
+              &quot;httpHeader&quot;: &quot;A String&quot;, # Define the HTTP header name to use for the parameter. It is case
+                  # insensitive.
+              &quot;name&quot;: &quot;A String&quot;, # Define the name of the parameter, such as &quot;api_key&quot; . It is case sensitive.
+              &quot;urlQueryParameter&quot;: &quot;A String&quot;, # Define the URL query parameter name to use for the parameter. It is case
+                  # sensitive.
             },
+          ],
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies. Use &#x27;*&#x27; to indicate all
+              # methods in all APIs.
+              #
+              # Refer to selector for syntax details.
+        },
+      ],
+    },
+    &quot;backend&quot;: { # `Backend` defines the backend configuration for a service. # API backend configuration.
+      &quot;rules&quot;: [ # A list of API backend rules that apply to individual API methods.
+          #
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # A backend rule provides configuration for an individual API element.
+          &quot;protocol&quot;: &quot;A String&quot;, # The protocol used for sending a request to the backend.
+              # The supported values are &quot;http/1.1&quot; and &quot;h2&quot;.
+              #
+              # The default value is inferred from the scheme in the
+              # address field:
+              #
+              #    SCHEME        PROTOCOL
+              #    http://       http/1.1
+              #    https://      http/1.1
+              #    grpc://       h2
+              #    grpcs://      h2
+              #
+              # For secure HTTP backends (https://) that support HTTP/2, set this field
+              # to &quot;h2&quot; for improved performance.
+              #
+              # Configuring this field to non-default values is only supported for secure
+              # HTTP backends. This field will be ignored for all other backends.
+              #
+              # See
+              # https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+              # for more details on the supported values.
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies.
+              #
+              # Refer to selector for syntax details.
+          &quot;operationDeadline&quot;: 3.14, # The number of seconds to wait for the completion of a long running
+              # operation. The default is no deadline.
+          &quot;deadline&quot;: 3.14, # The number of seconds to wait for a response from a request. The default
+              # varies based on the request protocol and deployment environment.
+          &quot;minDeadline&quot;: 3.14, # Minimum deadline in seconds needed for this method. Calls having deadline
+              # value lower than this will be rejected.
+          &quot;address&quot;: &quot;A String&quot;, # The address of the API backend.
+              #
+              # The scheme is used to determine the backend protocol and security.
+              # The following schemes are accepted:
+              #
+              #    SCHEME        PROTOCOL    SECURITY
+              #    http://       HTTP        None
+              #    https://      HTTP        TLS
+              #    grpc://       gRPC        None
+              #    grpcs://      gRPC        TLS
+              #
+              # It is recommended to explicitly include a scheme. Leaving out the scheme
+              # may cause constrasting behaviors across platforms.
+              #
+              # If the port is unspecified, the default is:
+              # - 80 for schemes without TLS
+              # - 443 for schemes with TLS
+              #
+              # For HTTP backends, use protocol
+              # to specify the protocol version.
+          &quot;pathTranslation&quot;: &quot;A String&quot;,
+          &quot;jwtAudience&quot;: &quot;A String&quot;, # The JWT audience is used when generating a JWT ID token for the backend.
+              # This ID token will be added in the HTTP &quot;authorization&quot; header, and sent
+              # to the backend.
+          &quot;disableAuth&quot;: True or False, # When disable_auth is true, a JWT ID token won&#x27;t be generated and the
+              # original &quot;Authorization&quot; HTTP header will be preserved. If the header is
+              # used to carry the original token and is expected by the backend, this
+              # field must be set to true to preserve the header.
+          &quot;renameTo&quot;: &quot;A String&quot;, # Unimplemented. Do not use.
+              #
+              # The new name the selected proto elements should be renamed to.
+              #
+              # The package, the service and the method can all be renamed.
+              # The backend server should implement the renamed proto. However, clients
+              # should call the original method, and ESF routes the traffic to the renamed
+              # method.
+              #
+              # HTTP clients should call the URL mapped to the original method.
+              # gRPC and Stubby clients should call the original method with package name.
+              #
+              # For legacy reasons, ESF allows Stubby clients to call with the
+              # short name (without the package name). However, for API Versioning(or
+              # multiple methods mapped to the same short name), all Stubby clients must
+              # call the method&#x27;s full name with the package name, otherwise the first one
+              # (selector) wins.
+              #
+              # If this `rename_to` is specified with a trailing `*`, the `selector` must
+              # be specified with a trailing `*` as well. The all element short names
+              # matched by the `*` in the selector will be kept in the `rename_to`.
+              #
+              # For example,
+              #     rename_rules:
+              #     - selector: |-
+              #         google.example.library.v1.*
+              #       rename_to: google.example.library.*
+              #
+              # The selector matches `google.example.library.v1.Library.CreateShelf` and
+              # `google.example.library.v1.Library.CreateBook`, they will be renamed to
+              # `google.example.library.Library.CreateShelf` and
+              # `google.example.library.Library.CreateBook`. It essentially renames the
+              # proto package name section of the matched proto service and methods.
+        },
+      ],
+    },
+    &quot;documentation&quot;: { # `Documentation` provides the information for describing a service. # Additional API documentation.
+        #
+        # Example:
+        # &lt;pre&gt;&lt;code&gt;documentation:
+        #   summary: &gt;
+        #     The Google Calendar API gives access
+        #     to most calendar features.
+        #   pages:
+        #   - name: Overview
+        #     content: &amp;#40;== include google/foo/overview.md ==&amp;#41;
+        #   - name: Tutorial
+        #     content: &amp;#40;== include google/foo/tutorial.md ==&amp;#41;
+        #     subpages;
+        #     - name: Java
+        #       content: &amp;#40;== include google/foo/tutorial_java.md ==&amp;#41;
+        #   rules:
+        #   - selector: google.calendar.Calendar.Get
+        #     description: &gt;
+        #       ...
+        #   - selector: google.calendar.Calendar.Put
+        #     description: &gt;
+        #       ...
+        # &lt;/code&gt;&lt;/pre&gt;
+        # Documentation is provided in markdown syntax. In addition to
+        # standard markdown features, definition lists, tables and fenced
+        # code blocks are supported. Section headers can be provided and are
+        # interpreted relative to the section nesting of the context where
+        # a documentation fragment is embedded.
+        #
+        # Documentation from the IDL is merged with documentation defined
+        # via the config at normalization time, where documentation provided
+        # by config rules overrides IDL provided.
+        #
+        # A number of constructs specific to the API platform are supported
+        # in documentation text.
+        #
+        # In order to reference a proto element, the following
+        # notation can be used:
+        # &lt;pre&gt;&lt;code&gt;&amp;#91;fully.qualified.proto.name]&amp;#91;]&lt;/code&gt;&lt;/pre&gt;
+        # To override the display text used for the link, this can be used:
+        # &lt;pre&gt;&lt;code&gt;&amp;#91;display text]&amp;#91;fully.qualified.proto.name]&lt;/code&gt;&lt;/pre&gt;
+        # Text can be excluded from doc using the following notation:
+        # &lt;pre&gt;&lt;code&gt;&amp;#40;-- internal comment --&amp;#41;&lt;/code&gt;&lt;/pre&gt;
+        #
+        # A few directives are available in documentation. Note that
+        # directives must appear on a single line to be properly
+        # identified. The `include` directive includes a markdown file from
+        # an external source:
+        # &lt;pre&gt;&lt;code&gt;&amp;#40;== include path/to/file ==&amp;#41;&lt;/code&gt;&lt;/pre&gt;
+        # The `resource_for` directive marks a message to be the resource of
+        # a collection in REST view. If it is not specified, tools attempt
+        # to infer the resource from the operations in a collection:
+        # &lt;pre&gt;&lt;code&gt;&amp;#40;== resource_for v1.shelves.books ==&amp;#41;&lt;/code&gt;&lt;/pre&gt;
+        # The directive `suppress_warning` does not directly affect documentation
+        # and is documented together with service config validation.
+      &quot;documentationRootUrl&quot;: &quot;A String&quot;, # The URL to the root of documentation.
+      &quot;rules&quot;: [ # A list of documentation rules that apply to individual API elements.
+          #
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # A documentation rule provides information about individual API elements.
+          &quot;deprecationDescription&quot;: &quot;A String&quot;, # Deprecation description of the selected element(s). It can be provided if
+              # an element is marked as `deprecated`.
+          &quot;selector&quot;: &quot;A String&quot;, # The selector is a comma-separated list of patterns. Each pattern is a
+              # qualified name of the element which may end in &quot;*&quot;, indicating a wildcard.
+              # Wildcards are only allowed at the end and for a whole component of the
+              # qualified name, i.e. &quot;foo.*&quot; is ok, but not &quot;foo.b*&quot; or &quot;foo.*.bar&quot;. A
+              # wildcard will match one or more components. To specify a default for all
+              # applicable elements, the whole pattern &quot;*&quot; is used.
+          &quot;description&quot;: &quot;A String&quot;, # Description of the selected API(s).
+        },
+      ],
+      &quot;summary&quot;: &quot;A String&quot;, # A short summary of what the service does. Can only be provided by
+          # plain text.
+      &quot;overview&quot;: &quot;A String&quot;, # Declares a single overview page. For example:
+          # &lt;pre&gt;&lt;code&gt;documentation:
+          #   summary: ...
+          #   overview: &amp;#40;== include overview.md ==&amp;#41;
+          # &lt;/code&gt;&lt;/pre&gt;
+          # This is a shortcut for the following declaration (using pages style):
+          # &lt;pre&gt;&lt;code&gt;documentation:
+          #   summary: ...
+          #   pages:
+          #   - name: Overview
+          #     content: &amp;#40;== include overview.md ==&amp;#41;
+          # &lt;/code&gt;&lt;/pre&gt;
+          # Note: you cannot specify both `overview` field and `pages` field.
+      &quot;pages&quot;: [ # The top level pages for the documentation set.
+        { # Represents a documentation page. A page can contain subpages to represent
+            # nested documentation set structure.
+          &quot;name&quot;: &quot;A String&quot;, # The name of the page. It will be used as an identity of the page to
+              # generate URI of the page, text of the link to this page in navigation,
+              # etc. The full page name (start from the root page name to this page
+              # concatenated with `.`) can be used as reference to the page in your
+              # documentation. For example:
+              # &lt;pre&gt;&lt;code&gt;pages:
+              # - name: Tutorial
+              #   content: &amp;#40;== include tutorial.md ==&amp;#41;
+              #   subpages:
+              #   - name: Java
+              #     content: &amp;#40;== include tutorial_java.md ==&amp;#41;
+              # &lt;/code&gt;&lt;/pre&gt;
+              # You can reference `Java` page using Markdown reference link syntax:
+              # `Java`.
+          &quot;content&quot;: &quot;A String&quot;, # The Markdown content of the page. You can use &lt;code&gt;&amp;#40;== include {path}
+              # ==&amp;#41;&lt;/code&gt; to include content from a Markdown file.
+          &quot;subpages&quot;: [ # Subpages of this page. The order of subpages specified here will be
+              # honored in the generated docset.
+            # Object with schema name: Page
+          ],
+        },
+      ],
+      &quot;serviceRootUrl&quot;: &quot;A String&quot;, # Specifies the service root url if the default one (the service name
+          # from the yaml file) is not suitable. This can be seen in any fully
+          # specified service urls as well as sections that show a base that other
+          # urls are relative to.
+    },
+    &quot;logging&quot;: { # Logging configuration of the service. # Logging configuration.
+        #
+        # The following example shows how to configure logs to be sent to the
+        # producer and consumer projects. In the example, the `activity_history`
+        # log is sent to both the producer and consumer projects, whereas the
+        # `purchase_history` log is only sent to the producer project.
+        #
+        #     monitored_resources:
+        #     - type: library.googleapis.com/branch
+        #       labels:
+        #       - key: /city
+        #         description: The city where the library branch is located in.
+        #       - key: /name
+        #         description: The name of the branch.
+        #     logs:
+        #     - name: activity_history
+        #       labels:
+        #       - key: /customer_id
+        #     - name: purchase_history
+        #     logging:
+        #       producer_destinations:
+        #       - monitored_resource: library.googleapis.com/branch
+        #         logs:
+        #         - activity_history
+        #         - purchase_history
+        #       consumer_destinations:
+        #       - monitored_resource: library.googleapis.com/branch
+        #         logs:
+        #         - activity_history
+      &quot;producerDestinations&quot;: [ # Logging configurations for sending logs to the producer project.
+          # There can be multiple producer destinations, each one must have a
+          # different monitored resource type. A log can be used in at most
+          # one producer destination.
+        { # Configuration of a specific logging destination (the producer project
+            # or the consumer project).
+          &quot;logs&quot;: [ # Names of the logs to be sent to this destination. Each name must
+              # be defined in the Service.logs section. If the log name is
+              # not a domain scoped name, it will be automatically prefixed with
+              # the service name followed by &quot;/&quot;.
+            &quot;A String&quot;,
+          ],
+          &quot;monitoredResource&quot;: &quot;A String&quot;, # The monitored resource type. The type must be defined in the
+              # Service.monitored_resources section.
+        },
+      ],
+      &quot;consumerDestinations&quot;: [ # Logging configurations for sending logs to the consumer project.
+          # There can be multiple consumer destinations, each one must have a
+          # different monitored resource type. A log can be used in at most
+          # one consumer destination.
+        { # Configuration of a specific logging destination (the producer project
+            # or the consumer project).
+          &quot;logs&quot;: [ # Names of the logs to be sent to this destination. Each name must
+              # be defined in the Service.logs section. If the log name is
+              # not a domain scoped name, it will be automatically prefixed with
+              # the service name followed by &quot;/&quot;.
+            &quot;A String&quot;,
+          ],
+          &quot;monitoredResource&quot;: &quot;A String&quot;, # The monitored resource type. The type must be defined in the
+              # Service.monitored_resources section.
+        },
+      ],
+    },
+    &quot;monitoredResources&quot;: [ # Defines the monitored resources used by this service. This is required
+        # by the Service.monitoring and Service.logging configurations.
+      { # An object that describes the schema of a MonitoredResource object using a
+          # type name and a set of labels.  For example, the monitored resource
+          # descriptor for Google Compute Engine VM instances has a type of
+          # `&quot;gce_instance&quot;` and specifies the use of the labels `&quot;instance_id&quot;` and
+          # `&quot;zone&quot;` to identify particular VM instances.
+          #
+          # Different APIs can support different monitored resource types. APIs generally
+          # provide a `list` method that returns the monitored resource descriptors used
+          # by the API.
+        &quot;displayName&quot;: &quot;A String&quot;, # Optional. A concise name for the monitored resource type that might be
+            # displayed in user interfaces. It should be a Title Cased Noun Phrase,
+            # without any article or other determiners. For example,
+            # `&quot;Google Cloud SQL Database&quot;`.
+        &quot;description&quot;: &quot;A String&quot;, # Optional. A detailed description of the monitored resource type that might
+            # be used in documentation.
+        &quot;launchStage&quot;: &quot;A String&quot;, # Optional. The launch stage of the monitored resource definition.
+        &quot;labels&quot;: [ # Required. A set of labels used to describe instances of this monitored
+            # resource type. For example, an individual Google Cloud SQL database is
+            # identified by values for the labels `&quot;database_id&quot;` and `&quot;zone&quot;`.
+          { # A description of a label.
+            &quot;key&quot;: &quot;A String&quot;, # The label key.
+            &quot;description&quot;: &quot;A String&quot;, # A human-readable description for the label.
+            &quot;valueType&quot;: &quot;A String&quot;, # The type of data that can be assigned to the label.
           },
         ],
-        "methods": [ # The methods of this interface, in unspecified order.
-          { # Method represents a method of an API interface.
-            "name": "A String", # The simple name of this method.
-            "requestStreaming": True or False, # If true, the request is streamed.
-            "responseTypeUrl": "A String", # The URL of the output message type.
-            "requestTypeUrl": "A String", # A URL of the input message type.
-            "responseStreaming": True or False, # If true, the response is streamed.
-            "syntax": "A String", # The source syntax of this method.
-            "options": [ # Any metadata attached to the method.
-              { # A protocol buffer option, which can be attached to a message, field,
-                  # enumeration, etc.
-                "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                    # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                    # For custom options, it should be the fully-qualified name. For example,
-                    # `"google.api.http"`.
-                "value": { # The option's value packed in an Any message. If the value is a primitive,
-                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                    # should be used. If the value is an enum, it should be stored as an int32
-                    # value using the google.protobuf.Int32Value type.
-                  "a_key": "", # Properties of the object. Contains field @type with type URL.
-                },
-              },
-            ],
-          },
-        ],
+        &quot;name&quot;: &quot;A String&quot;, # Optional. The resource name of the monitored resource descriptor:
+            # `&quot;projects/{project_id}/monitoredResourceDescriptors/{type}&quot;` where
+            # {type} is the value of the `type` field in this object and
+            # {project_id} is a project ID that provides API-specific context for
+            # accessing the type.  APIs that do not use project information can use the
+            # resource name format `&quot;monitoredResourceDescriptors/{type}&quot;`.
+        &quot;type&quot;: &quot;A String&quot;, # Required. The monitored resource type. For example, the type
+            # `&quot;cloudsql_database&quot;` represents databases in Google Cloud SQL.
+            # The maximum length of this value is 256 characters.
       },
     ],
-    "customError": { # Customize service error responses.  For example, list any service # Custom error configuration.
-        # specific protobuf types that can appear in error detail lists of
-        # error responses.
+    &quot;context&quot;: { # `Context` defines which contexts an API requests. # Context configuration.
         #
         # Example:
         #
-        #     custom_error:
-        #       types:
-        #       - google.foo.v1.CustomError
-        #       - google.foo.v1.AnotherError
-      "rules": [ # The list of custom error rules that apply to individual API messages.
+        #     context:
+        #       rules:
+        #       - selector: &quot;*&quot;
+        #         requested:
+        #         - google.rpc.context.ProjectContext
+        #         - google.rpc.context.OriginContext
+        #
+        # The above specifies that all methods in the API request
+        # `google.rpc.context.ProjectContext` and
+        # `google.rpc.context.OriginContext`.
+        #
+        # Available context types are defined in package
+        # `google.rpc.context`.
+        #
+        # This also provides mechanism to whitelist any protobuf message extension that
+        # can be sent in grpc metadata using “x-goog-ext-&lt;extension_id&gt;-bin” and
+        # “x-goog-ext-&lt;extension_id&gt;-jspb” format. For example, list any service
+        # specific protobuf types that can appear in grpc metadata as follows in your
+        # yaml file:
+        #
+        # Example:
+        #
+        #     context:
+        #       rules:
+        #        - selector: &quot;google.example.library.v1.LibraryService.CreateBook&quot;
+        #          allowed_request_extensions:
+        #          - google.foo.v1.NewExtension
+        #          allowed_response_extensions:
+        #          - google.foo.v1.NewExtension
+        #
+        # You can also specify extension ID instead of fully qualified extension name
+        # here.
+      &quot;rules&quot;: [ # A list of RPC context rules that apply to individual API methods.
           #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # A custom error rule.
-          "isErrorType": True or False, # Mark this message as possible payload in error response.  Otherwise,
-              # objects of this type will be filtered when they appear in error payload.
-          "selector": "A String", # Selects messages to which this rule applies.
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # A context rule provides information about the context for an individual API
+            # element.
+          &quot;requested&quot;: [ # A list of full type names of requested contexts.
+            &quot;A String&quot;,
+          ],
+          &quot;allowedRequestExtensions&quot;: [ # A list of full type names or extension IDs of extensions allowed in grpc
+              # side channel from client to backend.
+            &quot;A String&quot;,
+          ],
+          &quot;allowedResponseExtensions&quot;: [ # A list of full type names or extension IDs of extensions allowed in grpc
+              # side channel from backend to client.
+            &quot;A String&quot;,
+          ],
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies.
               #
               # Refer to selector for syntax details.
-        },
-      ],
-      "types": [ # The list of custom error detail types, e.g. 'google.foo.v1.CustomError'.
-        "A String",
-      ],
-    },
-    "quota": { # Quota configuration helps to achieve fairness and budgeting in service # Quota configuration.
-        # usage.
-        #
-        # The metric based quota configuration works this way:
-        # - The service configuration defines a set of metrics.
-        # - For API calls, the quota.metric_rules maps methods to metrics with
-        #   corresponding costs.
-        # - The quota.limits defines limits on the metrics, which will be used for
-        #   quota checks at runtime.
-        #
-        # An example quota configuration in yaml format:
-        #
-        #    quota:
-        #      limits:
-        #
-        #      - name: apiWriteQpsPerProject
-        #        metric: library.googleapis.com/write_calls
-        #        unit: "1/min/{project}"  # rate limit for consumer projects
-        #        values:
-        #          STANDARD: 10000
-        #
-        #
-        #      # The metric rules bind all methods to the read_calls metric,
-        #      # except for the UpdateBook and DeleteBook methods. These two methods
-        #      # are mapped to the write_calls metric, with the UpdateBook method
-        #      # consuming at twice rate as the DeleteBook method.
-        #      metric_rules:
-        #      - selector: "*"
-        #        metric_costs:
-        #          library.googleapis.com/read_calls: 1
-        #      - selector: google.example.library.v1.LibraryService.UpdateBook
-        #        metric_costs:
-        #          library.googleapis.com/write_calls: 2
-        #      - selector: google.example.library.v1.LibraryService.DeleteBook
-        #        metric_costs:
-        #          library.googleapis.com/write_calls: 1
-        #
-        #  Corresponding Metric definition:
-        #
-        #      metrics:
-        #      - name: library.googleapis.com/read_calls
-        #        display_name: Read requests
-        #        metric_kind: DELTA
-        #        value_type: INT64
-        #
-        #      - name: library.googleapis.com/write_calls
-        #        display_name: Write requests
-        #        metric_kind: DELTA
-        #        value_type: INT64
-        #
-      "metricRules": [ # List of `MetricRule` definitions, each one mapping a selected method to one
-          # or more metrics.
-        { # Bind API methods to metrics. Binding a method to a metric causes that
-            # metric's configured quota behaviors to apply to the method call.
-          "metricCosts": { # Metrics to update when the selected methods are called, and the associated
-              # cost applied to each metric.
-              #
-              # The key of the map is the metric name, and the values are the amount
-              # increased for the metric against which the quota limits are defined.
-              # The value must not be negative.
-            "a_key": "A String",
-          },
-          "selector": "A String", # Selects the methods to which this rule applies.
-              #
-              # Refer to selector for syntax details.
-        },
-      ],
-      "limits": [ # List of `QuotaLimit` definitions for the service.
-        { # `QuotaLimit` defines a specific limit that applies over a specified duration
-            # for a limit type. There can be at most one limit for a duration and limit
-            # type combination defined within a `QuotaGroup`.
-          "displayName": "A String", # User-visible display name for this limit.
-              # Optional. If not set, the UI will provide a default display name based on
-              # the quota configuration. This field can be used to override the default
-              # display name generated from the configuration.
-          "description": "A String", # Optional. User-visible, extended description for this quota limit.
-              # Should be used only when more context is needed to understand this limit
-              # than provided by the limit's display name (see: `display_name`).
-          "defaultLimit": "A String", # Default number of tokens that can be consumed during the specified
-              # duration. This is the number of tokens assigned when a client
-              # application developer activates the service for his/her project.
-              #
-              # Specifying a value of 0 will block all requests. This can be used if you
-              # are provisioning quota to selected consumers and blocking others.
-              # Similarly, a value of -1 will indicate an unlimited quota. No other
-              # negative values are allowed.
-              #
-              # Used by group-based quotas only.
-          "metric": "A String", # The name of the metric this quota limit applies to. The quota limits with
-              # the same metric will be checked together during runtime. The metric must be
-              # defined within the service config.
-          "values": { # Tiered limit values. You must specify this as a key:value pair, with an
-              # integer value that is the maximum number of requests allowed for the
-              # specified unit. Currently only STANDARD is supported.
-            "a_key": "A String",
-          },
-          "maxLimit": "A String", # Maximum number of tokens that can be consumed during the specified
-              # duration. Client application developers can override the default limit up
-              # to this maximum. If specified, this value cannot be set to a value less
-              # than the default limit. If not specified, it is set to the default limit.
-              #
-              # To allow clients to apply overrides with no upper bound, set this to -1,
-              # indicating unlimited maximum quota.
-              #
-              # Used by group-based quotas only.
-          "duration": "A String", # Duration of this limit in textual notation. Must be "100s" or "1d".
-              #
-              # Used by group-based quotas only.
-          "freeTier": "A String", # Free tier value displayed in the Developers Console for this limit.
-              # The free tier is the number of tokens that will be subtracted from the
-              # billed amount when billing is enabled.
-              # This field can only be set on a limit with duration "1d", in a billable
-              # group; it is invalid on any other limit. If this field is not set, it
-              # defaults to 0, indicating that there is no free tier for this service.
-              #
-              # Used by group-based quotas only.
-          "unit": "A String", # Specify the unit of the quota limit. It uses the same syntax as
-              # Metric.unit. The supported unit kinds are determined by the quota
-              # backend system.
-              #
-              # Here are some examples:
-              # * "1/min/{project}" for quota per minute per project.
-              #
-              # Note: the order of unit components is insignificant.
-              # The "1" at the beginning is required to follow the metric unit syntax.
-          "name": "A String", # Name of the quota limit.
-              #
-              # The name must be provided, and it must be unique within the service. The
-              # name can only include alphanumeric characters as well as '-'.
-              #
-              # The maximum length of the limit name is 64 characters.
+          &quot;provided&quot;: [ # A list of full type names of provided contexts.
+            &quot;A String&quot;,
+          ],
         },
       ],
     },
-    "metrics": [ # Defines the metrics used by this service.
+    &quot;enums&quot;: [ # A list of all enum types included in this API service.  Enums
+        # referenced directly or indirectly by the `apis` are automatically
+        # included.  Enums which are not referenced but shall be included
+        # should be listed here by name. Example:
+        #
+        #     enums:
+        #     - name: google.someapi.v1.SomeEnum
+      { # Enum type definition.
+        &quot;name&quot;: &quot;A String&quot;, # Enum type name.
+        &quot;enumvalue&quot;: [ # Enum value definitions.
+          { # Enum value definition.
+            &quot;name&quot;: &quot;A String&quot;, # Enum value name.
+            &quot;options&quot;: [ # Protocol buffer options.
+              { # A protocol buffer option, which can be attached to a message, field,
+                  # enumeration, etc.
+                &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                    # should be used. If the value is an enum, it should be stored as an int32
+                    # value using the google.protobuf.Int32Value type.
+                  &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+                },
+                &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                    # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                    # For custom options, it should be the fully-qualified name. For example,
+                    # `&quot;google.api.http&quot;`.
+              },
+            ],
+            &quot;number&quot;: 42, # Enum value number.
+          },
+        ],
+        &quot;options&quot;: [ # Protocol buffer options.
+          { # A protocol buffer option, which can be attached to a message, field,
+              # enumeration, etc.
+            &quot;value&quot;: { # The option&#x27;s value packed in an Any message. If the value is a primitive,
+                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
+                # should be used. If the value is an enum, it should be stored as an int32
+                # value using the google.protobuf.Int32Value type.
+              &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+            },
+            &quot;name&quot;: &quot;A String&quot;, # The option&#x27;s name. For protobuf built-in options (options defined in
+                # descriptor.proto), this is the short name. For example, `&quot;map_entry&quot;`.
+                # For custom options, it should be the fully-qualified name. For example,
+                # `&quot;google.api.http&quot;`.
+          },
+        ],
+        &quot;sourceContext&quot;: { # `SourceContext` represents information about the source of a # The source context.
+            # protobuf element, like the file in which it is defined.
+          &quot;fileName&quot;: &quot;A String&quot;, # The path-qualified name of the .proto file that contained the associated
+              # protobuf element.  For example: `&quot;google/protobuf/source_context.proto&quot;`.
+        },
+        &quot;syntax&quot;: &quot;A String&quot;, # The source syntax.
+      },
+    ],
+    &quot;id&quot;: &quot;A String&quot;, # A unique ID for a specific instance of this message, typically assigned
+        # by the client for tracking purpose. Must be no longer than 63 characters
+        # and only lower case letters, digits, &#x27;.&#x27;, &#x27;_&#x27; and &#x27;-&#x27; are allowed. If
+        # empty, the server may choose to generate one instead.
+    &quot;usage&quot;: { # Configuration controlling usage of a service. # Configuration controlling usage of this service.
+      &quot;producerNotificationChannel&quot;: &quot;A String&quot;, # The full resource name of a channel used for sending notifications to the
+          # service producer.
+          #
+          # Google Service Management currently only supports
+          # [Google Cloud Pub/Sub](https://cloud.google.com/pubsub) as a notification
+          # channel. To use Google Cloud Pub/Sub as the channel, this must be the name
+          # of a Cloud Pub/Sub topic that uses the Cloud Pub/Sub topic name format
+          # documented in https://cloud.google.com/pubsub/docs/overview.
+      &quot;rules&quot;: [ # A list of usage rules that apply to individual API methods.
+          #
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # Usage configuration rules for the service.
+            #
+            # NOTE: Under development.
+            #
+            #
+            # Use this rule to configure unregistered calls for the service. Unregistered
+            # calls are calls that do not contain consumer project identity.
+            # (Example: calls that do not contain an API key).
+            # By default, API methods do not allow unregistered calls, and each method call
+            # must be identified by a consumer project identity. Use this rule to
+            # allow/disallow unregistered calls.
+            #
+            # Example of an API that wants to allow unregistered calls for entire service.
+            #
+            #     usage:
+            #       rules:
+            #       - selector: &quot;*&quot;
+            #         allow_unregistered_calls: true
+            #
+            # Example of a method that wants to allow unregistered calls.
+            #
+            #     usage:
+            #       rules:
+            #       - selector: &quot;google.example.library.v1.LibraryService.CreateBook&quot;
+            #         allow_unregistered_calls: true
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies. Use &#x27;*&#x27; to indicate all
+              # methods in all APIs.
+              #
+              # Refer to selector for syntax details.
+          &quot;skipServiceControl&quot;: True or False, # If true, the selected method should skip service control and the control
+              # plane features, such as quota and billing, will not be available.
+              # This flag is used by Google Cloud Endpoints to bypass checks for internal
+              # methods, such as service health check methods.
+          &quot;allowUnregisteredCalls&quot;: True or False, # If true, the selected method allows unregistered calls, e.g. calls
+              # that don&#x27;t identify any user or application.
+        },
+      ],
+      &quot;serviceIdentity&quot;: { # The per-product per-project service identity for a service. # The configuration of a per-product per-project service identity.
+          #
+          #
+          # Use this field to configure per-product per-project service identity.
+          # Example of a service identity configuration.
+          #
+          #     usage:
+          #       service_identity:
+          #       - service_account_parent: &quot;projects/123456789&quot;
+          #         display_name: &quot;Cloud XXX Service Agent&quot;
+          #         description: &quot;Used as the identity of Cloud XXX to access resources&quot;
+        &quot;serviceAccountParent&quot;: &quot;A String&quot;, # A service account project that hosts the service accounts.
+            #
+            # An example name would be:
+            # `projects/123456789`
+        &quot;displayName&quot;: &quot;A String&quot;, # Optional. A user-specified name for the service account.
+            # Must be less than or equal to 100 UTF-8 bytes.
+        &quot;description&quot;: &quot;A String&quot;, # Optional. A user-specified opaque description of the service account.
+            # Must be less than or equal to 256 UTF-8 bytes.
+      },
+      &quot;requirements&quot;: [ # Requirements that must be satisfied before a consumer project can use the
+          # service. Each requirement is of the form &lt;service.name&gt;/&lt;requirement-id&gt;;
+          # for example &#x27;serviceusage.googleapis.com/billing-enabled&#x27;.
+        &quot;A String&quot;,
+      ],
+    },
+    &quot;metrics&quot;: [ # Defines the metrics used by this service.
       { # Defines a metric type and its schema. Once a metric descriptor is created,
-          # deleting or altering it stops data collection and makes the metric type's
+          # deleting or altering it stops data collection and makes the metric type&#x27;s
           # existing data unusable.
-        "displayName": "A String", # A concise name for the metric, which can be displayed in user interfaces.
-            # Use sentence case without an ending period, for example "Request count".
-            # This field is optional but it is recommended to be set for any metrics
-            # associated with user-visible concepts, such as Quota.
-        "description": "A String", # A detailed description of the metric, which can be used in documentation.
-        "metricKind": "A String", # Whether the metric records instantaneous values, changes to a value, etc.
-            # Some combinations of `metric_kind` and `value_type` might not be supported.
-        "valueType": "A String", # Whether the measurement is an integer, a floating-point number, etc.
-            # Some combinations of `metric_kind` and `value_type` might not be supported.
-        "labels": [ # The set of labels that can be used to describe a specific
-            # instance of this metric type. For example, the
-            # `appengine.googleapis.com/http/server/response_latencies` metric
-            # type has a label for the HTTP response code, `response_code`, so
-            # you can look at latencies for successful responses or just
-            # for responses that failed.
-          { # A description of a label.
-            "valueType": "A String", # The type of data that can be assigned to the label.
-            "description": "A String", # A human-readable description for the label.
-            "key": "A String", # The label key.
-          },
-        ],
-        "launchStage": "A String", # Optional. The launch stage of the metric definition.
-        "monitoredResourceTypes": [ # Read-only. If present, then a time
-            # series, which is identified partially by
-            # a metric type and a MonitoredResourceDescriptor, that is associated
-            # with this metric type can only be associated with one of the monitored
-            # resource types listed here.
-          "A String",
-        ],
-        "metadata": { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
-          "launchStage": "A String", # Deprecated. Must use the MetricDescriptor.launch_stage instead.
-          "ingestDelay": "A String", # The delay of data points caused by ingestion. Data points older than this
-              # age are guaranteed to be ingested and available to be read, excluding
-              # data loss due to errors.
-          "samplePeriod": "A String", # The sampling period of metric data points. For metrics which are written
-              # periodically, consecutive data points are stored at this time interval,
-              # excluding data loss due to errors. Metrics with a higher granularity have
-              # a smaller sampling period.
-        },
-        "type": "A String", # The metric type, including its DNS name prefix. The type is not
+        &quot;name&quot;: &quot;A String&quot;, # The resource name of the metric descriptor.
+        &quot;type&quot;: &quot;A String&quot;, # The metric type, including its DNS name prefix. The type is not
             # URL-encoded.  All user-defined metric types have the DNS name
             # `custom.googleapis.com` or `external.googleapis.com`.  Metric types should
             # use a natural hierarchical grouping. For example:
             #
-            #     "custom.googleapis.com/invoice/paid/amount"
-            #     "external.googleapis.com/prometheus/up"
-            #     "appengine.googleapis.com/http/server/response_latencies"
-        "unit": "A String", # The units in which the metric value is reported. It is only applicable
+            #     &quot;custom.googleapis.com/invoice/paid/amount&quot;
+            #     &quot;external.googleapis.com/prometheus/up&quot;
+            #     &quot;appengine.googleapis.com/http/server/response_latencies&quot;
+        &quot;metadata&quot;: { # Additional annotations that can be used to guide the usage of a metric. # Optional. Metadata which can be used to guide usage of the metric.
+          &quot;ingestDelay&quot;: &quot;A String&quot;, # The delay of data points caused by ingestion. Data points older than this
+              # age are guaranteed to be ingested and available to be read, excluding
+              # data loss due to errors.
+          &quot;launchStage&quot;: &quot;A String&quot;, # Deprecated. Must use the MetricDescriptor.launch_stage instead.
+          &quot;samplePeriod&quot;: &quot;A String&quot;, # The sampling period of metric data points. For metrics which are written
+              # periodically, consecutive data points are stored at this time interval,
+              # excluding data loss due to errors. Metrics with a higher granularity have
+              # a smaller sampling period.
+        },
+        &quot;valueType&quot;: &quot;A String&quot;, # Whether the measurement is an integer, a floating-point number, etc.
+            # Some combinations of `metric_kind` and `value_type` might not be supported.
+        &quot;metricKind&quot;: &quot;A String&quot;, # Whether the metric records instantaneous values, changes to a value, etc.
+            # Some combinations of `metric_kind` and `value_type` might not be supported.
+        &quot;description&quot;: &quot;A String&quot;, # A detailed description of the metric, which can be used in documentation.
+        &quot;displayName&quot;: &quot;A String&quot;, # A concise name for the metric, which can be displayed in user interfaces.
+            # Use sentence case without an ending period, for example &quot;Request count&quot;.
+            # This field is optional but it is recommended to be set for any metrics
+            # associated with user-visible concepts, such as Quota.
+        &quot;unit&quot;: &quot;A String&quot;, # The units in which the metric value is reported. It is only applicable
             # if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit`
             # defines the representation of the stored metric values.
             #
@@ -1953,14 +2246,14 @@
             #
             # The grammar for a unit is as follows:
             #
-            #     Expression = Component { "." Component } { "/" Component } ;
+            #     Expression = Component { &quot;.&quot; Component } { &quot;/&quot; Component } ;
             #
-            #     Component = ( [ PREFIX ] UNIT | "%" ) [ Annotation ]
+            #     Component = ( [ PREFIX ] UNIT | &quot;%&quot; ) [ Annotation ]
             #               | Annotation
-            #               | "1"
+            #               | &quot;1&quot;
             #               ;
             #
-            #     Annotation = "{" NAME "}" ;
+            #     Annotation = &quot;{&quot; NAME &quot;}&quot; ;
             #
             # Notes:
             #
@@ -1972,495 +2265,213 @@
             # * `1` represents a unitary [dimensionless
             #    unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such
             #    as in `1/s`. It is typically used when none of the basic units are
-            #    appropriate. For example, "new users per day" can be represented as
-            #    `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 new
-            #    users). Alternatively, "thousands of page views per day" would be
+            #    appropriate. For example, &quot;new users per day&quot; can be represented as
+            #    `1/d` or `{new-users}/d` (and a metric value `5` would mean &quot;5 new
+            #    users). Alternatively, &quot;thousands of page views per day&quot; would be
             #    represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric
-            #    value of `5.3` would mean "5300 page views per day").
+            #    value of `5.3` would mean &quot;5300 page views per day&quot;).
             # * `%` represents dimensionless value of 1/100, and annotates values giving
             #    a percentage (so the metric values are typically in the range of 0..100,
-            #    and a metric value `3` means "3 percent").
+            #    and a metric value `3` means &quot;3 percent&quot;).
             # * `10^2.%` indicates a metric contains a ratio, typically in the range
             #    0..1, that will be multiplied by 100 and displayed as a percentage
-            #    (so a metric value `0.03` means "3 percent").
-        "name": "A String", # The resource name of the metric descriptor.
-      },
-    ],
-    "enums": [ # A list of all enum types included in this API service.  Enums
-        # referenced directly or indirectly by the `apis` are automatically
-        # included.  Enums which are not referenced but shall be included
-        # should be listed here by name. Example:
-        #
-        #     enums:
-        #     - name: google.someapi.v1.SomeEnum
-      { # Enum type definition.
-        "syntax": "A String", # The source syntax.
-        "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
-            # protobuf element, like the file in which it is defined.
-          "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
-              # protobuf element.  For example: `"google/protobuf/source_context.proto"`.
-        },
-        "options": [ # Protocol buffer options.
-          { # A protocol buffer option, which can be attached to a message, field,
-              # enumeration, etc.
-            "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                # For custom options, it should be the fully-qualified name. For example,
-                # `"google.api.http"`.
-            "value": { # The option's value packed in an Any message. If the value is a primitive,
-                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                # should be used. If the value is an enum, it should be stored as an int32
-                # value using the google.protobuf.Int32Value type.
-              "a_key": "", # Properties of the object. Contains field @type with type URL.
-            },
-          },
+            #    (so a metric value `0.03` means &quot;3 percent&quot;).
+        &quot;monitoredResourceTypes&quot;: [ # Read-only. If present, then a time
+            # series, which is identified partially by
+            # a metric type and a MonitoredResourceDescriptor, that is associated
+            # with this metric type can only be associated with one of the monitored
+            # resource types listed here.
+          &quot;A String&quot;,
         ],
-        "name": "A String", # Enum type name.
-        "enumvalue": [ # Enum value definitions.
-          { # Enum value definition.
-            "options": [ # Protocol buffer options.
-              { # A protocol buffer option, which can be attached to a message, field,
-                  # enumeration, etc.
-                "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                    # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                    # For custom options, it should be the fully-qualified name. For example,
-                    # `"google.api.http"`.
-                "value": { # The option's value packed in an Any message. If the value is a primitive,
-                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                    # should be used. If the value is an enum, it should be stored as an int32
-                    # value using the google.protobuf.Int32Value type.
-                  "a_key": "", # Properties of the object. Contains field @type with type URL.
-                },
-              },
-            ],
-            "number": 42, # Enum value number.
-            "name": "A String", # Enum value name.
+        &quot;launchStage&quot;: &quot;A String&quot;, # Optional. The launch stage of the metric definition.
+        &quot;labels&quot;: [ # The set of labels that can be used to describe a specific
+            # instance of this metric type. For example, the
+            # `appengine.googleapis.com/http/server/response_latencies` metric
+            # type has a label for the HTTP response code, `response_code`, so
+            # you can look at latencies for successful responses or just
+            # for responses that failed.
+          { # A description of a label.
+            &quot;key&quot;: &quot;A String&quot;, # The label key.
+            &quot;description&quot;: &quot;A String&quot;, # A human-readable description for the label.
+            &quot;valueType&quot;: &quot;A String&quot;, # The type of data that can be assigned to the label.
           },
         ],
       },
     ],
-    "types": [ # A list of all proto message types included in this API service.
-        # Types referenced directly or indirectly by the `apis` are
-        # automatically included.  Messages which are not referenced but
-        # shall be included, such as types used by the `google.protobuf.Any` type,
-        # should be listed here by name. Example:
+    &quot;authentication&quot;: { # `Authentication` defines the authentication configuration for an API. # Auth configuration.
         #
-        #     types:
-        #     - name: google.protobuf.Int32
-      { # A protocol buffer message type.
-        "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
-          "A String",
-        ],
-        "name": "A String", # The fully qualified message name.
-        "fields": [ # The list of fields.
-          { # A single field of a message type.
-            "kind": "A String", # The field type.
-            "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
-                # types. The first type has index 1; zero means the type is not in the list.
-            "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
-                # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
-            "name": "A String", # The field name.
-            "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
-            "jsonName": "A String", # The field JSON name.
-            "number": 42, # The field number.
-            "cardinality": "A String", # The field cardinality.
-            "options": [ # The protocol buffer options.
-              { # A protocol buffer option, which can be attached to a message, field,
-                  # enumeration, etc.
-                "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                    # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                    # For custom options, it should be the fully-qualified name. For example,
-                    # `"google.api.http"`.
-                "value": { # The option's value packed in an Any message. If the value is a primitive,
-                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                    # should be used. If the value is an enum, it should be stored as an int32
-                    # value using the google.protobuf.Int32Value type.
-                  "a_key": "", # Properties of the object. Contains field @type with type URL.
-                },
-              },
-            ],
-            "packed": True or False, # Whether to use alternative packed wire representation.
-          },
-        ],
-        "syntax": "A String", # The source syntax.
-        "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
-            # protobuf element, like the file in which it is defined.
-          "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
-              # protobuf element.  For example: `"google/protobuf/source_context.proto"`.
-        },
-        "options": [ # The protocol buffer options.
-          { # A protocol buffer option, which can be attached to a message, field,
-              # enumeration, etc.
-            "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                # For custom options, it should be the fully-qualified name. For example,
-                # `"google.api.http"`.
-            "value": { # The option's value packed in an Any message. If the value is a primitive,
-                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                # should be used. If the value is an enum, it should be stored as an int32
-                # value using the google.protobuf.Int32Value type.
-              "a_key": "", # Properties of the object. Contains field @type with type URL.
-            },
-          },
-        ],
-      },
-    ],
-    "logging": { # Logging configuration of the service. # Logging configuration.
+        # Example for an API targeted for external use:
         #
-        # The following example shows how to configure logs to be sent to the
-        # producer and consumer projects. In the example, the `activity_history`
-        # log is sent to both the producer and consumer projects, whereas the
-        # `purchase_history` log is only sent to the producer project.
-        #
-        #     monitored_resources:
-        #     - type: library.googleapis.com/branch
-        #       labels:
-        #       - key: /city
-        #         description: The city where the library branch is located in.
-        #       - key: /name
-        #         description: The name of the branch.
-        #     logs:
-        #     - name: activity_history
-        #       labels:
-        #       - key: /customer_id
-        #     - name: purchase_history
-        #     logging:
-        #       producer_destinations:
-        #       - monitored_resource: library.googleapis.com/branch
-        #         logs:
-        #         - activity_history
-        #         - purchase_history
-        #       consumer_destinations:
-        #       - monitored_resource: library.googleapis.com/branch
-        #         logs:
-        #         - activity_history
-      "producerDestinations": [ # Logging configurations for sending logs to the producer project.
-          # There can be multiple producer destinations, each one must have a
-          # different monitored resource type. A log can be used in at most
-          # one producer destination.
-        { # Configuration of a specific logging destination (the producer project
-            # or the consumer project).
-          "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
-              # Service.monitored_resources section.
-          "logs": [ # Names of the logs to be sent to this destination. Each name must
-              # be defined in the Service.logs section. If the log name is
-              # not a domain scoped name, it will be automatically prefixed with
-              # the service name followed by "/".
-            "A String",
-          ],
-        },
-      ],
-      "consumerDestinations": [ # Logging configurations for sending logs to the consumer project.
-          # There can be multiple consumer destinations, each one must have a
-          # different monitored resource type. A log can be used in at most
-          # one consumer destination.
-        { # Configuration of a specific logging destination (the producer project
-            # or the consumer project).
-          "monitoredResource": "A String", # The monitored resource type. The type must be defined in the
-              # Service.monitored_resources section.
-          "logs": [ # Names of the logs to be sent to this destination. Each name must
-              # be defined in the Service.logs section. If the log name is
-              # not a domain scoped name, it will be automatically prefixed with
-              # the service name followed by "/".
-            "A String",
-          ],
-        },
-      ],
-    },
-    "name": "A String", # The service name, which is a DNS-like logical identifier for the
-        # service, such as `calendar.googleapis.com`. The service name
-        # typically goes through DNS verification to make sure the owner
-        # of the service also owns the DNS name.
-    "documentation": { # `Documentation` provides the information for describing a service. # Additional API documentation.
-        #
-        # Example:
-        # &lt;pre&gt;&lt;code&gt;documentation:
-        #   summary: &gt;
-        #     The Google Calendar API gives access
-        #     to most calendar features.
-        #   pages:
-        #   - name: Overview
-        #     content: &amp;#40;== include google/foo/overview.md ==&amp;#41;
-        #   - name: Tutorial
-        #     content: &amp;#40;== include google/foo/tutorial.md ==&amp;#41;
-        #     subpages;
-        #     - name: Java
-        #       content: &amp;#40;== include google/foo/tutorial_java.md ==&amp;#41;
-        #   rules:
-        #   - selector: google.calendar.Calendar.Get
-        #     description: &gt;
-        #       ...
-        #   - selector: google.calendar.Calendar.Put
-        #     description: &gt;
-        #       ...
-        # &lt;/code&gt;&lt;/pre&gt;
-        # Documentation is provided in markdown syntax. In addition to
-        # standard markdown features, definition lists, tables and fenced
-        # code blocks are supported. Section headers can be provided and are
-        # interpreted relative to the section nesting of the context where
-        # a documentation fragment is embedded.
-        #
-        # Documentation from the IDL is merged with documentation defined
-        # via the config at normalization time, where documentation provided
-        # by config rules overrides IDL provided.
-        #
-        # A number of constructs specific to the API platform are supported
-        # in documentation text.
-        #
-        # In order to reference a proto element, the following
-        # notation can be used:
-        # &lt;pre&gt;&lt;code&gt;&amp;#91;fully.qualified.proto.name]&amp;#91;]&lt;/code&gt;&lt;/pre&gt;
-        # To override the display text used for the link, this can be used:
-        # &lt;pre&gt;&lt;code&gt;&amp;#91;display text]&amp;#91;fully.qualified.proto.name]&lt;/code&gt;&lt;/pre&gt;
-        # Text can be excluded from doc using the following notation:
-        # &lt;pre&gt;&lt;code&gt;&amp;#40;-- internal comment --&amp;#41;&lt;/code&gt;&lt;/pre&gt;
-        #
-        # A few directives are available in documentation. Note that
-        # directives must appear on a single line to be properly
-        # identified. The `include` directive includes a markdown file from
-        # an external source:
-        # &lt;pre&gt;&lt;code&gt;&amp;#40;== include path/to/file ==&amp;#41;&lt;/code&gt;&lt;/pre&gt;
-        # The `resource_for` directive marks a message to be the resource of
-        # a collection in REST view. If it is not specified, tools attempt
-        # to infer the resource from the operations in a collection:
-        # &lt;pre&gt;&lt;code&gt;&amp;#40;== resource_for v1.shelves.books ==&amp;#41;&lt;/code&gt;&lt;/pre&gt;
-        # The directive `suppress_warning` does not directly affect documentation
-        # and is documented together with service config validation.
-      "rules": [ # A list of documentation rules that apply to individual API elements.
-          #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # A documentation rule provides information about individual API elements.
-          "description": "A String", # Description of the selected API(s).
-          "deprecationDescription": "A String", # Deprecation description of the selected element(s). It can be provided if
-              # an element is marked as `deprecated`.
-          "selector": "A String", # The selector is a comma-separated list of patterns. Each pattern is a
-              # qualified name of the element which may end in "*", indicating a wildcard.
-              # Wildcards are only allowed at the end and for a whole component of the
-              # qualified name, i.e. "foo.*" is ok, but not "foo.b*" or "foo.*.bar". A
-              # wildcard will match one or more components. To specify a default for all
-              # applicable elements, the whole pattern "*" is used.
-        },
-      ],
-      "documentationRootUrl": "A String", # The URL to the root of documentation.
-      "summary": "A String", # A short summary of what the service does. Can only be provided by
-          # plain text.
-      "serviceRootUrl": "A String", # Specifies the service root url if the default one (the service name
-          # from the yaml file) is not suitable. This can be seen in any fully
-          # specified service urls as well as sections that show a base that other
-          # urls are relative to.
-      "overview": "A String", # Declares a single overview page. For example:
-          # &lt;pre&gt;&lt;code&gt;documentation:
-          #   summary: ...
-          #   overview: &amp;#40;== include overview.md ==&amp;#41;
-          # &lt;/code&gt;&lt;/pre&gt;
-          # This is a shortcut for the following declaration (using pages style):
-          # &lt;pre&gt;&lt;code&gt;documentation:
-          #   summary: ...
-          #   pages:
-          #   - name: Overview
-          #     content: &amp;#40;== include overview.md ==&amp;#41;
-          # &lt;/code&gt;&lt;/pre&gt;
-          # Note: you cannot specify both `overview` field and `pages` field.
-      "pages": [ # The top level pages for the documentation set.
-        { # Represents a documentation page. A page can contain subpages to represent
-            # nested documentation set structure.
-          "content": "A String", # The Markdown content of the page. You can use &lt;code&gt;&amp;#40;== include {path}
-              # ==&amp;#41;&lt;/code&gt; to include content from a Markdown file.
-          "subpages": [ # Subpages of this page. The order of subpages specified here will be
-              # honored in the generated docset.
-            # Object with schema name: Page
-          ],
-          "name": "A String", # The name of the page. It will be used as an identity of the page to
-              # generate URI of the page, text of the link to this page in navigation,
-              # etc. The full page name (start from the root page name to this page
-              # concatenated with `.`) can be used as reference to the page in your
-              # documentation. For example:
-              # &lt;pre&gt;&lt;code&gt;pages:
-              # - name: Tutorial
-              #   content: &amp;#40;== include tutorial.md ==&amp;#41;
-              #   subpages:
-              #   - name: Java
-              #     content: &amp;#40;== include tutorial_java.md ==&amp;#41;
-              # &lt;/code&gt;&lt;/pre&gt;
-              # You can reference `Java` page using Markdown reference link syntax:
-              # `Java`.
-        },
-      ],
-    },
-    "sourceInfo": { # Source information used to create a Service Config # Output only. The source information for this configuration if available.
-      "sourceFiles": [ # All files used during config generation.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "systemTypes": [ # A list of all proto message types included in this API service.
-        # It serves similar purpose as [google.api.Service.types], except that
-        # these types are not needed by user-defined APIs. Therefore, they will not
-        # show up in the generated discovery doc. This field should only be used
-        # to define system APIs in ESF.
-      { # A protocol buffer message type.
-        "oneofs": [ # The list of types appearing in `oneof` definitions in this type.
-          "A String",
-        ],
-        "name": "A String", # The fully qualified message name.
-        "fields": [ # The list of fields.
-          { # A single field of a message type.
-            "kind": "A String", # The field type.
-            "oneofIndex": 42, # The index of the field type in `Type.oneofs`, for message or enumeration
-                # types. The first type has index 1; zero means the type is not in the list.
-            "typeUrl": "A String", # The field type URL, without the scheme, for message or enumeration
-                # types. Example: `"type.googleapis.com/google.protobuf.Timestamp"`.
-            "name": "A String", # The field name.
-            "defaultValue": "A String", # The string value of the default value of this field. Proto2 syntax only.
-            "jsonName": "A String", # The field JSON name.
-            "number": 42, # The field number.
-            "cardinality": "A String", # The field cardinality.
-            "options": [ # The protocol buffer options.
-              { # A protocol buffer option, which can be attached to a message, field,
-                  # enumeration, etc.
-                "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                    # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                    # For custom options, it should be the fully-qualified name. For example,
-                    # `"google.api.http"`.
-                "value": { # The option's value packed in an Any message. If the value is a primitive,
-                    # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                    # should be used. If the value is an enum, it should be stored as an int32
-                    # value using the google.protobuf.Int32Value type.
-                  "a_key": "", # Properties of the object. Contains field @type with type URL.
-                },
-              },
-            ],
-            "packed": True or False, # Whether to use alternative packed wire representation.
-          },
-        ],
-        "syntax": "A String", # The source syntax.
-        "sourceContext": { # `SourceContext` represents information about the source of a # The source context.
-            # protobuf element, like the file in which it is defined.
-          "fileName": "A String", # The path-qualified name of the .proto file that contained the associated
-              # protobuf element.  For example: `"google/protobuf/source_context.proto"`.
-        },
-        "options": [ # The protocol buffer options.
-          { # A protocol buffer option, which can be attached to a message, field,
-              # enumeration, etc.
-            "name": "A String", # The option's name. For protobuf built-in options (options defined in
-                # descriptor.proto), this is the short name. For example, `"map_entry"`.
-                # For custom options, it should be the fully-qualified name. For example,
-                # `"google.api.http"`.
-            "value": { # The option's value packed in an Any message. If the value is a primitive,
-                # the corresponding wrapper type defined in google/protobuf/wrappers.proto
-                # should be used. If the value is an enum, it should be stored as an int32
-                # value using the google.protobuf.Int32Value type.
-              "a_key": "", # Properties of the object. Contains field @type with type URL.
-            },
-          },
-        ],
-      },
-    ],
-    "context": { # `Context` defines which contexts an API requests. # Context configuration.
-        #
-        # Example:
-        #
-        #     context:
+        #     name: calendar.googleapis.com
+        #     authentication:
+        #       providers:
+        #       - id: google_calendar_auth
+        #         jwks_uri: https://www.googleapis.com/oauth2/v1/certs
+        #         issuer: https://securetoken.google.com
         #       rules:
-        #       - selector: "*"
-        #         requested:
-        #         - google.rpc.context.ProjectContext
-        #         - google.rpc.context.OriginContext
-        #
-        # The above specifies that all methods in the API request
-        # `google.rpc.context.ProjectContext` and
-        # `google.rpc.context.OriginContext`.
-        #
-        # Available context types are defined in package
-        # `google.rpc.context`.
-        #
-        # This also provides mechanism to whitelist any protobuf message extension that
-        # can be sent in grpc metadata using “x-goog-ext-&lt;extension_id&gt;-bin” and
-        # “x-goog-ext-&lt;extension_id&gt;-jspb” format. For example, list any service
-        # specific protobuf types that can appear in grpc metadata as follows in your
-        # yaml file:
-        #
-        # Example:
-        #
-        #     context:
-        #       rules:
-        #        - selector: "google.example.library.v1.LibraryService.CreateBook"
-        #          allowed_request_extensions:
-        #          - google.foo.v1.NewExtension
-        #          allowed_response_extensions:
-        #          - google.foo.v1.NewExtension
-        #
-        # You can also specify extension ID instead of fully qualified extension name
-        # here.
-      "rules": [ # A list of RPC context rules that apply to individual API methods.
+        #       - selector: &quot;*&quot;
+        #         requirements:
+        #           provider_id: google_calendar_auth
+      &quot;rules&quot;: [ # A list of authentication rules that apply to individual API methods.
           #
-          # **NOTE:** All service configuration rules follow "last one wins" order.
-        { # A context rule provides information about the context for an individual API
-            # element.
-          "provided": [ # A list of full type names of provided contexts.
-            "A String",
+          # **NOTE:** All service configuration rules follow &quot;last one wins&quot; order.
+        { # Authentication rules for the service.
+            #
+            # By default, if a method has any authentication requirements, every request
+            # must include a valid credential matching one of the requirements.
+            # It&#x27;s an error to include more than one kind of credential in a single
+            # request.
+            #
+            # If a method doesn&#x27;t have any auth requirements, request credentials will be
+            # ignored.
+          &quot;requirements&quot;: [ # Requirements for additional authentication providers.
+            { # User-defined authentication requirements, including support for
+                # [JSON Web Token
+                # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+              &quot;providerId&quot;: &quot;A String&quot;, # id from authentication provider.
+                  #
+                  # Example:
+                  #
+                  #     provider_id: bookstore_auth
+              &quot;audiences&quot;: &quot;A String&quot;, # NOTE: This will be deprecated soon, once AuthProvider.audiences is
+                  # implemented and accepted in all the runtime components.
+                  #
+                  # The list of JWT
+                  # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+                  # that are allowed to access. A JWT containing any of these audiences will
+                  # be accepted. When this setting is absent, only JWTs with audience
+                  # &quot;https://Service_name/API_name&quot;
+                  # will be accepted. For example, if no audiences are in the setting,
+                  # LibraryService API will only accept JWTs with the following audience
+                  # &quot;https://library-example.googleapis.com/google.example.library.v1.LibraryService&quot;.
+                  #
+                  # Example:
+                  #
+                  #     audiences: bookstore_android.apps.googleusercontent.com,
+                  #                bookstore_web.apps.googleusercontent.com
+            },
           ],
-          "allowedResponseExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
-              # side channel from backend to client.
-            "A String",
-          ],
-          "allowedRequestExtensions": [ # A list of full type names or extension IDs of extensions allowed in grpc
-              # side channel from client to backend.
-            "A String",
-          ],
-          "requested": [ # A list of full type names of requested contexts.
-            "A String",
-          ],
-          "selector": "A String", # Selects the methods to which this rule applies.
+          &quot;selector&quot;: &quot;A String&quot;, # Selects the methods to which this rule applies.
               #
               # Refer to selector for syntax details.
+          &quot;allowWithoutCredential&quot;: True or False, # If true, the service accepts API keys without any other credential.
+          &quot;oauth&quot;: { # OAuth scopes are a way to define data and permissions on data. For example, # The requirements for OAuth credentials.
+              # there are scopes defined for &quot;Read-only access to Google Calendar&quot; and
+              # &quot;Access to Cloud Platform&quot;. Users can consent to a scope for an application,
+              # giving it permission to access that data on their behalf.
+              #
+              # OAuth scope specifications should be fairly coarse grained; a user will need
+              # to see and understand the text description of what your scope means.
+              #
+              # In most cases: use one or at most two OAuth scopes for an entire family of
+              # products. If your product has multiple APIs, you should probably be sharing
+              # the OAuth scope across all of those APIs.
+              #
+              # When you need finer grained OAuth consent screens: talk with your product
+              # management about how developers will use them in practice.
+              #
+              # Please note that even though each of the canonical scopes is enough for a
+              # request to be accepted and passed to the backend, a request can still fail
+              # due to the backend requiring additional scopes or permissions.
+            &quot;canonicalScopes&quot;: &quot;A String&quot;, # The list of publicly documented OAuth scopes that are allowed access. An
+                # OAuth token containing any of these scopes will be accepted.
+                #
+                # Example:
+                #
+                #      canonical_scopes: https://www.googleapis.com/auth/calendar,
+                #                        https://www.googleapis.com/auth/calendar.read
+          },
+        },
+      ],
+      &quot;providers&quot;: [ # Defines a set of authentication providers that a service supports.
+        { # Configuration for an authentication provider, including support for
+            # [JSON Web Token
+            # (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
+          &quot;jwksUri&quot;: &quot;A String&quot;, # URL of the provider&#x27;s public key set to validate signature of the JWT. See
+              # [OpenID
+              # Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
+              # Optional if the key set document:
+              #  - can be retrieved from
+              #    [OpenID
+              #    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of
+              #    the issuer.
+              #  - can be inferred from the email domain of the issuer (e.g. a Google
+              #  service account).
+              #
+              # Example: https://www.googleapis.com/oauth2/v1/certs
+          &quot;audiences&quot;: &quot;A String&quot;, # The list of JWT
+              # [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
+              # that are allowed to access. A JWT containing any of these audiences will
+              # be accepted. When this setting is absent, JWTs with audiences:
+              #   - &quot;https://[service.name]/[google.protobuf.Api.name]&quot;
+              #   - &quot;https://[service.name]/&quot;
+              # will be accepted.
+              # For example, if no audiences are in the setting, LibraryService API will
+              # accept JWTs with the following audiences:
+              #   -
+              #   https://library-example.googleapis.com/google.example.library.v1.LibraryService
+              #   - https://library-example.googleapis.com/
+              #
+              # Example:
+              #
+              #     audiences: bookstore_android.apps.googleusercontent.com,
+              #                bookstore_web.apps.googleusercontent.com
+          &quot;authorizationUrl&quot;: &quot;A String&quot;, # Redirect URL if JWT token is required but not present or is expired.
+              # Implement authorizationUrl of securityDefinitions in OpenAPI spec.
+          &quot;issuer&quot;: &quot;A String&quot;, # Identifies the principal that issued the JWT. See
+              # https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
+              # Usually a URL or an email address.
+              #
+              # Example: https://securetoken.google.com
+              # Example: 1234567-compute@developer.gserviceaccount.com
+          &quot;id&quot;: &quot;A String&quot;, # The unique identifier of the auth provider. It will be referred to by
+              # `AuthRequirement.provider_id`.
+              #
+              # Example: &quot;bookstore_auth&quot;.
+          &quot;jwtLocations&quot;: [ # Defines the locations to extract the JWT.
+              #
+              # JWT locations can be either from HTTP headers or URL query parameters.
+              # The rule is that the first match wins. The checking order is: checking
+              # all headers first, then URL query parameters.
+              #
+              # If not specified,  default to use following 3 locations:
+              #    1) Authorization: Bearer
+              #    2) x-goog-iap-jwt-assertion
+              #    3) access_token query parameter
+              #
+              # Default locations can be specified as followings:
+              #    jwt_locations:
+              #    - header: Authorization
+              #      value_prefix: &quot;Bearer &quot;
+              #    - header: x-goog-iap-jwt-assertion
+              #    - query: access_token
+            { # Specifies a location to extract JWT from an API request.
+              &quot;header&quot;: &quot;A String&quot;, # Specifies HTTP header name to extract JWT token.
+              &quot;valuePrefix&quot;: &quot;A String&quot;, # The value prefix. The value format is &quot;value_prefix{token}&quot;
+                  # Only applies to &quot;in&quot; header type. Must be empty for &quot;in&quot; query type.
+                  # If not empty, the header value has to match (case sensitive) this prefix.
+                  # If not matched, JWT will not be extracted. If matched, JWT will be
+                  # extracted after the prefix is removed.
+                  #
+                  # For example, for &quot;Authorization: Bearer {JWT}&quot;,
+                  # value_prefix=&quot;Bearer &quot; with a space at the end.
+              &quot;query&quot;: &quot;A String&quot;, # Specifies URL query parameter name to extract JWT token.
+            },
+          ],
         },
       ],
     },
-    "endpoints": [ # Configuration for network endpoints.  If this is empty, then an endpoint
-        # with the same name as the service is automatically generated to service all
-        # defined APIs.
-      { # `Endpoint` describes a network endpoint that serves a set of APIs.
-          # A service may expose any number of endpoints, and all endpoints share the
-          # same service configuration, such as quota configuration and monitoring
-          # configuration.
-          #
-          # Example service configuration:
-          #
-          #     name: library-example.googleapis.com
-          #     endpoints:
-          #       # Below entry makes 'google.example.library.v1.Library'
-          #       # API be served from endpoint address library-example.googleapis.com.
-          #       # It also allows HTTP OPTIONS calls to be passed to the backend, for
-          #       # it to decide whether the subsequent cross-origin request is
-          #       # allowed to proceed.
-          #     - name: library-example.googleapis.com
-          #       allow_cors: true
-        "allowCors": True or False, # Allowing
-            # [CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing), aka
-            # cross-domain traffic, would allow the backends served from this endpoint to
-            # receive and respond to HTTP OPTIONS requests. The response will be used by
-            # the browser to determine whether the subsequent cross-origin request is
-            # allowed to proceed.
-        "target": "A String", # The specification of an Internet routable address of API frontend that will
-            # handle requests to this [API
-            # Endpoint](https://cloud.google.com/apis/design/glossary). It should be
-            # either a valid IPv4 address or a fully-qualified domain name. For example,
-            # "8.8.8.8" or "myservice.appspot.com".
-        "features": [ # The list of features enabled on this endpoint.
-          "A String",
-        ],
-        "name": "A String", # The canonical name of this endpoint.
-        "aliases": [ # DEPRECATED: This field is no longer supported. Instead of using aliases,
-            # please specify multiple google.api.Endpoint for each of the intended
-            # aliases.
-            #
-            # Additional names that this endpoint will be hosted on.
-          "A String",
-        ],
-      },
-    ],
+    &quot;control&quot;: { # Selects and configures the service controller used by the service.  The # Configuration for the service control plane.
+        # service controller handles features like abuse, quota, billing, logging,
+        # monitoring, etc.
+      &quot;environment&quot;: &quot;A String&quot;, # The service control environment to use. If empty, no control plane
+          # feature (like quota and billing) will be enabled.
+    },
+    &quot;configVersion&quot;: 42, # The semantic version of the service configuration. The config version
+        # affects the interpretation of the service configuration. For example,
+        # certain features are enabled by default for certain config versions.
+        #
+        # The latest config version is `3`.
   }</pre>
 </div>
 
@@ -2477,9 +2488,9 @@
     The object takes the form of:
 
 { # Request message for `GetIamPolicy` method.
-    "options": { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
-        # `GetIamPolicy`. This field is only used by Cloud IAM.
-      "requestedPolicyVersion": 42, # Optional. The policy format version to be returned.
+    &quot;options&quot;: { # Encapsulates settings provided to GetIamPolicy. # OPTIONAL: A `GetPolicyOptions` object for specifying options to
+        # `GetIamPolicy`.
+      &quot;requestedPolicyVersion&quot;: 42, # Optional. The policy format version to be returned.
           #
           # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
           # rejected.
@@ -2487,6 +2498,10 @@
           # Requests for policies with any conditional bindings must specify version 3.
           # Policies without any conditional bindings may specify any valid value or
           # leave the field unset.
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM
+          # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
     },
   }
 
@@ -2508,36 +2523,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -2555,63 +2574,190 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
             # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
             # are documented at https://github.com/google/cel-spec.
             #
             # Example (Comparison):
             #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
             #
             # Example (Equality):
             #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
             #
             # Example (Logic):
             #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
             #
             # Example (Data Manipulation):
             #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
             #
             # The exact variables and functions that may be referenced within an expression
             # are determined by the service that evaluates it. See the service
             # documentation for additional information.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -2654,154 +2800,38 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-    "version": 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
   }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="list">list(producerProjectId=None, pageSize=None, pageToken=None, consumerId=None, x__xgafv=None)</code>
+    <code class="details" id="list">list(consumerId=None, pageToken=None, pageSize=None, producerProjectId=None, x__xgafv=None)</code>
   <pre>Lists managed services.
 
 Returns all public services. For authenticated users, also returns all
-services the calling user has "servicemanagement.services.get" permission
+services the calling user has &quot;servicemanagement.services.get&quot; permission
 for.
 
 **BETA:** If the caller specifies the `consumer_id`, it returns only the
 services enabled on the consumer. The `consumer_id` must have the format
-of "project:{PROJECT-ID}".
+of &quot;project:{PROJECT-ID}&quot;.
 
 Args:
-  producerProjectId: string, Include services produced by the specified project.
-  pageSize: integer, The max number of items to include in the response list. Page size is 50
-if not specified. Maximum value is 100.
-  pageToken: string, Token identifying which result to start with; returned by a previous list
-call.
   consumerId: string, Include services consumed by the specified consumer.
 
 The Google Service Management implementation accepts the following
 forms:
 - project:&lt;project_id&gt;
+  pageToken: string, Token identifying which result to start with; returned by a previous list
+call.
+  pageSize: integer, The max number of items to include in the response list. Page size is 50
+if not specified. Maximum value is 100.
+  producerProjectId: string, Include services produced by the specified project.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -2811,15 +2841,15 @@
   An object of the form:
 
     { # Response message for `ListServices` method.
-    "services": [ # The returned services will only have the name field set.
+    &quot;services&quot;: [ # The returned services will only have the name field set.
       { # The full representation of a Service that is managed by
           # Google Service Management.
-        "serviceName": "A String", # The name of the service. See the [overview](/service-management/overview)
+        &quot;producerProjectId&quot;: &quot;A String&quot;, # ID of the project that produces and owns this service.
+        &quot;serviceName&quot;: &quot;A String&quot;, # The name of the service. See the [overview](/service-management/overview)
             # for naming requirements.
-        "producerProjectId": "A String", # ID of the project that produces and owns this service.
       },
     ],
-    "nextPageToken": "A String", # Token that can be passed to `ListServices` to resume a paginated query.
+    &quot;nextPageToken&quot;: &quot;A String&quot;, # Token that can be passed to `ListServices` to resume a paginated query.
   }</pre>
 </div>
 
@@ -2832,7 +2862,7 @@
   previous_response: The response from the request for the previous page. (required)
 
 Returns:
-  A request object that you can call 'execute()' on to request the next
+  A request object that you can call &#x27;execute()&#x27; on to request the next
   page. Returns None if there are no more items in the collection.
     </pre>
 </div>
@@ -2842,7 +2872,7 @@
   <pre>Sets the access control policy on the specified resource. Replaces any
 existing policy.
 
-Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
+Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being specified.
@@ -2851,7 +2881,12 @@
     The object takes the form of:
 
 { # Request message for `SetIamPolicy` method.
-    "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
+    &quot;updateMask&quot;: &quot;A String&quot;, # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+        # the fields in the mask will be modified. If no mask is provided, the
+        # following default mask is used:
+        # 
+        # `paths: &quot;bindings, etag&quot;`
+    &quot;policy&quot;: { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of
         # the policy is limited to a few 10s of KB. An empty policy is a
         # valid policy but certain Cloud Platform services (such as Projects)
         # might reject them.
@@ -2864,36 +2899,40 @@
         # permissions; each `role` can be an IAM predefined role or a user-created
         # custom role.
         #
-        # Optionally, a `binding` can specify a `condition`, which is a logical
-        # expression that allows access to a resource only if the expression evaluates
-        # to `true`. A condition can add constraints based on attributes of the
-        # request, the resource, or both.
+        # For some types of Google Cloud resources, a `binding` can also specify a
+        # `condition`, which is a logical expression that allows access to a resource
+        # only if the expression evaluates to `true`. A condition can add constraints
+        # based on attributes of the request, the resource, or both. To learn which
+        # resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         #
         # **JSON example:**
         #
         #     {
-        #       "bindings": [
+        #       &quot;bindings&quot;: [
         #         {
-        #           "role": "roles/resourcemanager.organizationAdmin",
-        #           "members": [
-        #             "user:mike@example.com",
-        #             "group:admins@example.com",
-        #             "domain:google.com",
-        #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:mike@example.com&quot;,
+        #             &quot;group:admins@example.com&quot;,
+        #             &quot;domain:google.com&quot;,
+        #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
         #           ]
         #         },
         #         {
-        #           "role": "roles/resourcemanager.organizationViewer",
-        #           "members": ["user:eve@example.com"],
-        #           "condition": {
-        #             "title": "expirable access",
-        #             "description": "Does not grant access after Sep 2020",
-        #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+        #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+        #           &quot;members&quot;: [
+        #             &quot;user:eve@example.com&quot;
+        #           ],
+        #           &quot;condition&quot;: {
+        #             &quot;title&quot;: &quot;expirable access&quot;,
+        #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+        #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
         #           }
         #         }
         #       ],
-        #       "etag": "BwWWja0YfJA=",
-        #       "version": 3
+        #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+        #       &quot;version&quot;: 3
         #     }
         #
         # **YAML example:**
@@ -2911,63 +2950,190 @@
         #       condition:
         #         title: expirable access
         #         description: Does not grant access after Sep 2020
-        #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+        #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
         #     - etag: BwWWja0YfJA=
         #     - version: 3
         #
         # For a description of IAM and its features, see the
         # [IAM documentation](https://cloud.google.com/iam/docs/).
-      "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+          # prevent simultaneous updates of a policy from overwriting each other.
+          # It is strongly suggested that systems make use of the `etag` in the
+          # read-modify-write cycle to perform policy updates in order to avoid race
+          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+          # systems are expected to put that etag in the request to `setIamPolicy` to
+          # ensure that their change will be applied to the same version of the policy.
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+      &quot;version&quot;: 42, # Specifies the format of the policy.
+          #
+          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+          # are rejected.
+          #
+          # Any operation that affects conditional role bindings must specify version
+          # `3`. This requirement applies to the following operations:
+          #
+          # * Getting a policy that includes a conditional role binding
+          # * Adding a conditional role binding to a policy
+          # * Changing a conditional role binding in a policy
+          # * Removing any role binding, with or without a condition, from a policy
+          #   that includes conditions
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
+          #
+          # If a policy does not include any conditions, operations on that policy may
+          # specify any valid version or leave the field unset.
+          #
+          # To learn which resources support conditions in their IAM policies, see the
+          # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+      &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+        { # Specifies the audit configuration for a service.
+            # The configuration determines which permission types are logged, and what
+            # identities, if any, are exempted from logging.
+            # An AuditConfig must have one or more AuditLogConfigs.
+            #
+            # If there are AuditConfigs for both `allServices` and a specific service,
+            # the union of the two AuditConfigs is used for that service: the log_types
+            # specified in each AuditConfig are enabled, and the exempted_members in each
+            # AuditLogConfig are exempted.
+            #
+            # Example Policy with multiple AuditConfigs:
+            #
+            #     {
+            #       &quot;audit_configs&quot;: [
+            #         {
+            #           &quot;service&quot;: &quot;allServices&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:jose@example.com&quot;
+            #               ]
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+            #             }
+            #           ]
+            #         },
+            #         {
+            #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+            #           &quot;audit_log_configs&quot;: [
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #             },
+            #             {
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #               &quot;exempted_members&quot;: [
+            #                 &quot;user:aliya@example.com&quot;
+            #               ]
+            #             }
+            #           ]
+            #         }
+            #       ]
+            #     }
+            #
+            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+            # logging. It also exempts jose@example.com from DATA_READ logging, and
+            # aliya@example.com from DATA_WRITE logging.
+          &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+            { # Provides the configuration for logging a type of permissions.
+                # Example:
+                #
+                #     {
+                #       &quot;audit_log_configs&quot;: [
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+                #           &quot;exempted_members&quot;: [
+                #             &quot;user:jose@example.com&quot;
+                #           ]
+                #         },
+                #         {
+                #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+                #         }
+                #       ]
+                #     }
+                #
+                # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+                # jose@example.com from DATA_READ logging.
+              &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                  # permission.
+                  # Follows the same format of Binding.members.
+                &quot;A String&quot;,
+              ],
+              &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+            },
+          ],
+          &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+              # `allServices` is a special value that covers all services.
+        },
+      ],
+      &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
           # `condition` that determines how and when the `bindings` are applied. Each
           # of the `bindings` must contain at least one member.
         { # Associates `members` with a `role`.
-          "role": "A String", # Role that is assigned to `members`.
-              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-          "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-              # NOTE: An unsatisfied condition will not allow user access via current
-              # binding. Different bindings, including their conditions, are examined
-              # independently.
+          &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+              #
+              # If the condition evaluates to `true`, then this binding applies to the
+              # current request.
+              #
+              # If the condition evaluates to `false`, then this binding does not apply to
+              # the current request. However, a different role binding might grant the same
+              # role to one or more of the members in this binding.
+              #
+              # To learn which resources support conditions in their IAM policies, see the
+              # [IAM
+              # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
               # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
               # are documented at https://github.com/google/cel-spec.
               #
               # Example (Comparison):
               #
-              #     title: "Summary size limit"
-              #     description: "Determines if a summary is less than 100 chars"
-              #     expression: "document.summary.size() &lt; 100"
+              #     title: &quot;Summary size limit&quot;
+              #     description: &quot;Determines if a summary is less than 100 chars&quot;
+              #     expression: &quot;document.summary.size() &lt; 100&quot;
               #
               # Example (Equality):
               #
-              #     title: "Requestor is owner"
-              #     description: "Determines if requestor is the document owner"
-              #     expression: "document.owner == request.auth.claims.email"
+              #     title: &quot;Requestor is owner&quot;
+              #     description: &quot;Determines if requestor is the document owner&quot;
+              #     expression: &quot;document.owner == request.auth.claims.email&quot;
               #
               # Example (Logic):
               #
-              #     title: "Public documents"
-              #     description: "Determine whether the document should be publicly visible"
-              #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+              #     title: &quot;Public documents&quot;
+              #     description: &quot;Determine whether the document should be publicly visible&quot;
+              #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
               #
               # Example (Data Manipulation):
               #
-              #     title: "Notification string"
-              #     description: "Create a notification string with a timestamp."
-              #     expression: "'New message received at ' + string(document.create_time)"
+              #     title: &quot;Notification string&quot;
+              #     description: &quot;Create a notification string with a timestamp.&quot;
+              #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
               #
               # The exact variables and functions that may be referenced within an expression
               # are determined by the service that evaluates it. See the service
               # documentation for additional information.
-            "description": "A String", # Optional. Description of the expression. This is a longer text which
-                # describes the expression, e.g. when hovered over it in a UI.
-            "expression": "A String", # Textual representation of an expression in Common Expression Language
-                # syntax.
-            "location": "A String", # Optional. String indicating the location of the expression for error
-                # reporting, e.g. a file name and a position in the file.
-            "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+            &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                 # its purpose. This can be used e.g. in UIs which allow to enter the
                 # expression.
+            &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+                # reporting, e.g. a file name and a position in the file.
+            &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+                # describes the expression, e.g. when hovered over it in a UI.
+            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+                # syntax.
           },
-          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+          &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
               # `members` can have the following values:
               #
               # * `allUsers`: A special identifier that represents anyone who is
@@ -3010,134 +3176,13 @@
               # * `domain:{domain}`: The G Suite domain (primary) that represents all the
               #    users of that domain. For example, `google.com` or `example.com`.
               #
-            "A String",
+            &quot;A String&quot;,
           ],
+          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
         },
       ],
-      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-        { # Specifies the audit configuration for a service.
-            # The configuration determines which permission types are logged, and what
-            # identities, if any, are exempted from logging.
-            # An AuditConfig must have one or more AuditLogConfigs.
-            #
-            # If there are AuditConfigs for both `allServices` and a specific service,
-            # the union of the two AuditConfigs is used for that service: the log_types
-            # specified in each AuditConfig are enabled, and the exempted_members in each
-            # AuditLogConfig are exempted.
-            #
-            # Example Policy with multiple AuditConfigs:
-            #
-            #     {
-            #       "audit_configs": [
-            #         {
-            #           "service": "allServices"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #               "exempted_members": [
-            #                 "user:jose@example.com"
-            #               ]
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #             },
-            #             {
-            #               "log_type": "ADMIN_READ",
-            #             }
-            #           ]
-            #         },
-            #         {
-            #           "service": "sampleservice.googleapis.com"
-            #           "audit_log_configs": [
-            #             {
-            #               "log_type": "DATA_READ",
-            #             },
-            #             {
-            #               "log_type": "DATA_WRITE",
-            #               "exempted_members": [
-            #                 "user:aliya@example.com"
-            #               ]
-            #             }
-            #           ]
-            #         }
-            #       ]
-            #     }
-            #
-            # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-            # logging. It also exempts jose@example.com from DATA_READ logging, and
-            # aliya@example.com from DATA_WRITE logging.
-          "auditLogConfigs": [ # The configuration for logging of each type of permission.
-            { # Provides the configuration for logging a type of permissions.
-                # Example:
-                #
-                #     {
-                #       "audit_log_configs": [
-                #         {
-                #           "log_type": "DATA_READ",
-                #           "exempted_members": [
-                #             "user:jose@example.com"
-                #           ]
-                #         },
-                #         {
-                #           "log_type": "DATA_WRITE",
-                #         }
-                #       ]
-                #     }
-                #
-                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-                # jose@example.com from DATA_READ logging.
-              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                  # permission.
-                  # Follows the same format of Binding.members.
-                "A String",
-              ],
-              "logType": "A String", # The log type that this config enables.
-            },
-          ],
-          "service": "A String", # Specifies a service that will be enabled for audit logging.
-              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-              # `allServices` is a special value that covers all services.
-        },
-      ],
-      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-          # prevent simultaneous updates of a policy from overwriting each other.
-          # It is strongly suggested that systems make use of the `etag` in the
-          # read-modify-write cycle to perform policy updates in order to avoid race
-          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-          # systems are expected to put that etag in the request to `setIamPolicy` to
-          # ensure that their change will be applied to the same version of the policy.
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
-      "version": 42, # Specifies the format of the policy.
-          #
-          # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-          # are rejected.
-          #
-          # Any operation that affects conditional role bindings must specify version
-          # `3`. This requirement applies to the following operations:
-          #
-          # * Getting a policy that includes a conditional role binding
-          # * Adding a conditional role binding to a policy
-          # * Changing a conditional role binding in a policy
-          # * Removing any role binding, with or without a condition, from a policy
-          #   that includes conditions
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
-          #
-          # If a policy does not include any conditions, operations on that policy may
-          # specify any valid version or leave the field unset.
     },
-    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
-        # the fields in the mask will be modified. If no mask is provided, the
-        # following default mask is used:
-        # paths: "bindings, etag"
-        # This field is only used by Cloud IAM.
   }
 
   x__xgafv: string, V1 error format.
@@ -3158,36 +3203,40 @@
       # permissions; each `role` can be an IAM predefined role or a user-created
       # custom role.
       #
-      # Optionally, a `binding` can specify a `condition`, which is a logical
-      # expression that allows access to a resource only if the expression evaluates
-      # to `true`. A condition can add constraints based on attributes of the
-      # request, the resource, or both.
+      # For some types of Google Cloud resources, a `binding` can also specify a
+      # `condition`, which is a logical expression that allows access to a resource
+      # only if the expression evaluates to `true`. A condition can add constraints
+      # based on attributes of the request, the resource, or both. To learn which
+      # resources support conditions in their IAM policies, see the
+      # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
       #
       # **JSON example:**
       #
       #     {
-      #       "bindings": [
+      #       &quot;bindings&quot;: [
       #         {
-      #           "role": "roles/resourcemanager.organizationAdmin",
-      #           "members": [
-      #             "user:mike@example.com",
-      #             "group:admins@example.com",
-      #             "domain:google.com",
-      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationAdmin&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:mike@example.com&quot;,
+      #             &quot;group:admins@example.com&quot;,
+      #             &quot;domain:google.com&quot;,
+      #             &quot;serviceAccount:my-project-id@appspot.gserviceaccount.com&quot;
       #           ]
       #         },
       #         {
-      #           "role": "roles/resourcemanager.organizationViewer",
-      #           "members": ["user:eve@example.com"],
-      #           "condition": {
-      #             "title": "expirable access",
-      #             "description": "Does not grant access after Sep 2020",
-      #             "expression": "request.time &lt; timestamp('2020-10-01T00:00:00.000Z')",
+      #           &quot;role&quot;: &quot;roles/resourcemanager.organizationViewer&quot;,
+      #           &quot;members&quot;: [
+      #             &quot;user:eve@example.com&quot;
+      #           ],
+      #           &quot;condition&quot;: {
+      #             &quot;title&quot;: &quot;expirable access&quot;,
+      #             &quot;description&quot;: &quot;Does not grant access after Sep 2020&quot;,
+      #             &quot;expression&quot;: &quot;request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)&quot;,
       #           }
       #         }
       #       ],
-      #       "etag": "BwWWja0YfJA=",
-      #       "version": 3
+      #       &quot;etag&quot;: &quot;BwWWja0YfJA=&quot;,
+      #       &quot;version&quot;: 3
       #     }
       #
       # **YAML example:**
@@ -3205,63 +3254,190 @@
       #       condition:
       #         title: expirable access
       #         description: Does not grant access after Sep 2020
-      #         expression: request.time &lt; timestamp('2020-10-01T00:00:00.000Z')
+      #         expression: request.time &lt; timestamp(&#x27;2020-10-01T00:00:00.000Z&#x27;)
       #     - etag: BwWWja0YfJA=
       #     - version: 3
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+    &quot;version&quot;: 42, # Specifies the format of the policy.
+        #
+        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
+        # are rejected.
+        #
+        # Any operation that affects conditional role bindings must specify version
+        # `3`. This requirement applies to the following operations:
+        #
+        # * Getting a policy that includes a conditional role binding
+        # * Adding a conditional role binding to a policy
+        # * Changing a conditional role binding in a policy
+        # * Removing any role binding, with or without a condition, from a policy
+        #   that includes conditions
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
+        #
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.
+        #
+        # To learn which resources support conditions in their IAM policies, see the
+        # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
+      { # Specifies the audit configuration for a service.
+          # The configuration determines which permission types are logged, and what
+          # identities, if any, are exempted from logging.
+          # An AuditConfig must have one or more AuditLogConfigs.
+          #
+          # If there are AuditConfigs for both `allServices` and a specific service,
+          # the union of the two AuditConfigs is used for that service: the log_types
+          # specified in each AuditConfig are enabled, and the exempted_members in each
+          # AuditLogConfig are exempted.
+          #
+          # Example Policy with multiple AuditConfigs:
+          #
+          #     {
+          #       &quot;audit_configs&quot;: [
+          #         {
+          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:jose@example.com&quot;
+          #               ]
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #             }
+          #           ]
+          #         },
+          #         {
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;audit_log_configs&quot;: [
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #             },
+          #             {
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;exempted_members&quot;: [
+          #                 &quot;user:aliya@example.com&quot;
+          #               ]
+          #             }
+          #           ]
+          #         }
+          #       ]
+          #     }
+          #
+          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
+          # logging. It also exempts jose@example.com from DATA_READ logging, and
+          # aliya@example.com from DATA_WRITE logging.
+        &quot;auditLogConfigs&quot;: [ # The configuration for logging of each type of permission.
+          { # Provides the configuration for logging a type of permissions.
+              # Example:
+              #
+              #     {
+              #       &quot;audit_log_configs&quot;: [
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_READ&quot;,
+              #           &quot;exempted_members&quot;: [
+              #             &quot;user:jose@example.com&quot;
+              #           ]
+              #         },
+              #         {
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #         }
+              #       ]
+              #     }
+              #
+              # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
+              # jose@example.com from DATA_READ logging.
+            &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
+                # permission.
+                # Follows the same format of Binding.members.
+              &quot;A String&quot;,
+            ],
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
+          },
+        ],
+        &quot;service&quot;: &quot;A String&quot;, # Specifies a service that will be enabled for audit logging.
+            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+            # `allServices` is a special value that covers all services.
+      },
+    ],
+    &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        "role": "A String", # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-        "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
-            # NOTE: An unsatisfied condition will not allow user access via current
-            # binding. Different bindings, including their conditions, are examined
-            # independently.
+        &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
+            #
+            # If the condition evaluates to `true`, then this binding applies to the
+            # current request.
+            #
+            # If the condition evaluates to `false`, then this binding does not apply to
+            # the current request. However, a different role binding might grant the same
+            # role to one or more of the members in this binding.
+            #
+            # To learn which resources support conditions in their IAM policies, see the
+            # [IAM
+            # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
             # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
             # are documented at https://github.com/google/cel-spec.
             #
             # Example (Comparison):
             #
-            #     title: "Summary size limit"
-            #     description: "Determines if a summary is less than 100 chars"
-            #     expression: "document.summary.size() &lt; 100"
+            #     title: &quot;Summary size limit&quot;
+            #     description: &quot;Determines if a summary is less than 100 chars&quot;
+            #     expression: &quot;document.summary.size() &lt; 100&quot;
             #
             # Example (Equality):
             #
-            #     title: "Requestor is owner"
-            #     description: "Determines if requestor is the document owner"
-            #     expression: "document.owner == request.auth.claims.email"
+            #     title: &quot;Requestor is owner&quot;
+            #     description: &quot;Determines if requestor is the document owner&quot;
+            #     expression: &quot;document.owner == request.auth.claims.email&quot;
             #
             # Example (Logic):
             #
-            #     title: "Public documents"
-            #     description: "Determine whether the document should be publicly visible"
-            #     expression: "document.type != 'private' &amp;&amp; document.type != 'internal'"
+            #     title: &quot;Public documents&quot;
+            #     description: &quot;Determine whether the document should be publicly visible&quot;
+            #     expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot;
             #
             # Example (Data Manipulation):
             #
-            #     title: "Notification string"
-            #     description: "Create a notification string with a timestamp."
-            #     expression: "'New message received at ' + string(document.create_time)"
+            #     title: &quot;Notification string&quot;
+            #     description: &quot;Create a notification string with a timestamp.&quot;
+            #     expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot;
             #
             # The exact variables and functions that may be referenced within an expression
             # are determined by the service that evaluates it. See the service
             # documentation for additional information.
-          "description": "A String", # Optional. Description of the expression. This is a longer text which
-              # describes the expression, e.g. when hovered over it in a UI.
-          "expression": "A String", # Textual representation of an expression in Common Expression Language
-              # syntax.
-          "location": "A String", # Optional. String indicating the location of the expression for error
-              # reporting, e.g. a file name and a position in the file.
-          "title": "A String", # Optional. Title for the expression, i.e. a short string describing
+          &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
+              # reporting, e.g. a file name and a position in the file.
+          &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
+              # describes the expression, e.g. when hovered over it in a UI.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
         },
-        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
+        &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
             #
             # * `allUsers`: A special identifier that represents anyone who is
@@ -3304,128 +3480,12 @@
             # * `domain:{domain}`: The G Suite domain (primary) that represents all the
             #    users of that domain. For example, `google.com` or `example.com`.
             #
-          "A String",
+          &quot;A String&quot;,
         ],
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
-    "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
-      { # Specifies the audit configuration for a service.
-          # The configuration determines which permission types are logged, and what
-          # identities, if any, are exempted from logging.
-          # An AuditConfig must have one or more AuditLogConfigs.
-          #
-          # If there are AuditConfigs for both `allServices` and a specific service,
-          # the union of the two AuditConfigs is used for that service: the log_types
-          # specified in each AuditConfig are enabled, and the exempted_members in each
-          # AuditLogConfig are exempted.
-          #
-          # Example Policy with multiple AuditConfigs:
-          #
-          #     {
-          #       "audit_configs": [
-          #         {
-          #           "service": "allServices"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #               "exempted_members": [
-          #                 "user:jose@example.com"
-          #               ]
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #             },
-          #             {
-          #               "log_type": "ADMIN_READ",
-          #             }
-          #           ]
-          #         },
-          #         {
-          #           "service": "sampleservice.googleapis.com"
-          #           "audit_log_configs": [
-          #             {
-          #               "log_type": "DATA_READ",
-          #             },
-          #             {
-          #               "log_type": "DATA_WRITE",
-          #               "exempted_members": [
-          #                 "user:aliya@example.com"
-          #               ]
-          #             }
-          #           ]
-          #         }
-          #       ]
-          #     }
-          #
-          # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
-          # logging. It also exempts jose@example.com from DATA_READ logging, and
-          # aliya@example.com from DATA_WRITE logging.
-        "auditLogConfigs": [ # The configuration for logging of each type of permission.
-          { # Provides the configuration for logging a type of permissions.
-              # Example:
-              #
-              #     {
-              #       "audit_log_configs": [
-              #         {
-              #           "log_type": "DATA_READ",
-              #           "exempted_members": [
-              #             "user:jose@example.com"
-              #           ]
-              #         },
-              #         {
-              #           "log_type": "DATA_WRITE",
-              #         }
-              #       ]
-              #     }
-              #
-              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
-              # jose@example.com from DATA_READ logging.
-            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
-                # permission.
-                # Follows the same format of Binding.members.
-              "A String",
-            ],
-            "logType": "A String", # The log type that this config enables.
-          },
-        ],
-        "service": "A String", # Specifies a service that will be enabled for audit logging.
-            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
-            # `allServices` is a special value that covers all services.
-      },
-    ],
-    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-    "version": 42, # Specifies the format of the policy.
-        #
-        # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
-        # are rejected.
-        #
-        # Any operation that affects conditional role bindings must specify version
-        # `3`. This requirement applies to the following operations:
-        #
-        # * Getting a policy that includes a conditional role binding
-        # * Adding a conditional role binding to a policy
-        # * Changing a conditional role binding in a policy
-        # * Removing any role binding, with or without a condition, from a policy
-        #   that includes conditions
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
-        #
-        # If a policy does not include any conditions, operations on that policy may
-        # specify any valid version or leave the field unset.
   }</pre>
 </div>
 
@@ -3433,11 +3493,11 @@
     <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
   <pre>Returns permissions that a caller has on the specified resource.
 If the resource does not exist, this will return an empty set of
-permissions, not a NOT_FOUND error.
+permissions, not a `NOT_FOUND` error.
 
 Note: This operation is designed to be used for building permission-aware
 UIs and command-line tools, not for authorization checking. This operation
-may "fail open" without warning.
+may &quot;fail open&quot; without warning.
 
 Args:
   resource: string, REQUIRED: The resource for which the policy detail is being requested.
@@ -3446,11 +3506,11 @@
     The object takes the form of:
 
 { # Request message for `TestIamPermissions` method.
-    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
-        # wildcards (such as '*' or 'storage.*') are not allowed. For more
+    &quot;permissions&quot;: [ # The set of permissions to check for the `resource`. Permissions with
+        # wildcards (such as &#x27;*&#x27; or &#x27;storage.*&#x27;) are not allowed. For more
         # information see
         # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
-      "A String",
+      &quot;A String&quot;,
     ],
   }
 
@@ -3463,9 +3523,9 @@
   An object of the form:
 
     { # Response message for `TestIamPermissions` method.
-    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
+    &quot;permissions&quot;: [ # A subset of `TestPermissionsRequest.permissions` that the caller is
         # allowed.
-      "A String",
+      &quot;A String&quot;,
     ],
   }</pre>
 </div>
@@ -3492,34 +3552,16 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    "metadata": { # Service-specific metadata associated with the operation.  It typically
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
         # contains progress information and common metadata such as create time.
         # Some services might not provide such metadata.  Any method that returns a
         # long-running operation should document the metadata type, if any.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      "message": "A String", # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      "code": 42, # The status code, which should be an enum value of google.rpc.Code.
-      "details": [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          "a_key": "", # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-    },
-    "done": True or False, # If the value is `false`, it means the operation is still in progress.
+    &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
         # available.
-    "response": { # The normal response of the operation in case of success.  If the original
+    &quot;response&quot;: { # The normal response of the operation in case of success.  If the original
         # method returns no data on success, such as `Delete`, the response is
         # `google.protobuf.Empty`.  If the original method is standard
         # `Get`/`Create`/`Update`, the response should be the resource.  For other
@@ -3527,11 +3569,29 @@
         # is the original method name.  For example, if the original method name
         # is `TakeSnapshot()`, the inferred response type is
         # `TakeSnapshotResponse`.
-      "a_key": "", # Properties of the object. Contains field @type with type URL.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
-    "name": "A String", # The server-assigned name, which is only unique within the same service that
+    &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+    },
   }</pre>
 </div>