docs: update generated docs (#981)

diff --git a/docs/dyn/cloudresourcemanager_v1.projects.html b/docs/dyn/cloudresourcemanager_v1.projects.html
index 5675bb0..0e0328a 100644
--- a/docs/dyn/cloudresourcemanager_v1.projects.html
+++ b/docs/dyn/cloudresourcemanager_v1.projects.html
@@ -99,7 +99,7 @@
   <code><a href="#getOrgPolicy">getOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets a `Policy` on a resource.</p>
 <p class="toc_element">
-  <code><a href="#list">list(pageToken=None, pageSize=None, filter=None, x__xgafv=None)</a></code></p>
+  <code><a href="#list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Lists Projects that the caller has the `resourcemanager.projects.get`</p>
 <p class="toc_element">
   <code><a href="#listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body=None, x__xgafv=None)</a></code></p>
@@ -118,7 +118,7 @@
 <p class="firstline">Retrieves the next page of results.</p>
 <p class="toc_element">
   <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
-<p class="firstline">Sets the IAM access control policy for the specified Project. Overwrites</p>
+<p class="firstline">Sets the IAM access control policy for the specified Project.</p>
 <p class="toc_element">
   <code><a href="#setOrgPolicy">setOrgPolicy(resource, body=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p>
@@ -192,13 +192,10 @@
 { # A Project is a high-level Google Cloud Platform entity.  It is a
       # container for ACLs, APIs, App Engine Apps, VMs, and other
       # Google Cloud Platform resources.
-    &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
-        # When present it must be between 4 to 30 characters.
-        # Allowed characters are: lowercase and uppercase letters, numbers,
-        # hyphen, single-quote, double-quote, space, and exclamation point.
+    &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
         # 
-        # Example: &lt;code&gt;My Project&lt;/code&gt;
-        # Read-write.
+        # Example: &lt;code&gt;415104041262&lt;/code&gt;
+        # Read-only.
     &quot;projectId&quot;: &quot;A String&quot;, # The unique, user-assigned ID of the Project.
         # It must be 6 to 30 lowercase letters, digits, or hyphens.
         # It must start with a letter.
@@ -206,13 +203,36 @@
         # 
         # Example: &lt;code&gt;tokyo-rain-123&lt;/code&gt;
         # Read-only after creation.
+    &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
+        # 
+        # Read-only.
+    &quot;labels&quot;: { # The labels associated with this Project.
+        # 
+        # Label keys must be between 1 and 63 characters long and must conform
+        # to the following regular expression: a-z{0,62}.
+        # 
+        # Label values must be between 0 and 63 characters long and must conform
+        # to the regular expression [a-z0-9_-]{0,63}. A label value can be empty.
+        # 
+        # No more than 256 labels can be associated with a given resource.
+        # 
+        # Clients should store labels in a representation such as JSON that does not
+        # depend on specific characters being disallowed.
+        # 
+        # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
+        # Read-write.
+      &quot;a_key&quot;: &quot;A String&quot;,
+    },
     &quot;lifecycleState&quot;: &quot;A String&quot;, # The Project lifecycle state.
         # 
         # Read-only.
-    &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
+    &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
+        # When present it must be between 4 to 30 characters.
+        # Allowed characters are: lowercase and uppercase letters, numbers,
+        # hyphen, single-quote, double-quote, space, and exclamation point.
         # 
-        # Example: &lt;code&gt;415104041262&lt;/code&gt;
-        # Read-only.
+        # Example: &lt;code&gt;My Project&lt;/code&gt;
+        # Read-write.
     &quot;parent&quot;: { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
         # 
         # Supported parent types include &quot;organization&quot; and &quot;folder&quot;. Once set, the
@@ -229,27 +249,6 @@
       &quot;id&quot;: &quot;A String&quot;, # Required field for the type-specific id. This should correspond to the id
           # used in the type-specific API&#x27;s.
     },
-    &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
-        # 
-        # Read-only.
-    &quot;labels&quot;: { # The labels associated with this Project.
-        # 
-        # Label keys must be between 1 and 63 characters long and must conform
-        # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
-        # 
-        # Label values must be between 0 and 63 characters long and must conform
-        # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label
-        # value can be empty.
-        # 
-        # No more than 256 labels can be associated with a given resource.
-        # 
-        # Clients should store labels in a representation such as JSON that does not
-        # depend on specific characters being disallowed.
-        # 
-        # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
-        # Read-write.
-      &quot;a_key&quot;: &quot;A String&quot;,
-    },
   }
 
   x__xgafv: string, V1 error format.
@@ -262,11 +261,23 @@
 
     { # This resource represents a long-running operation that is the result of a
       # network API call.
-    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
-        # contains progress information and common metadata such as create time.
-        # Some services might not provide such metadata.  Any method that returns a
-        # long-running operation should document the metadata type, if any.
-      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
+        # different programming environments, including REST APIs and RPC APIs. It is
+        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
+        # three pieces of data: error code, error message, and error details.
+        #
+        # You can find out more about this error model and how to work with it in the
+        # [API Design Guide](https://cloud.google.com/apis/design/errors).
+      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
+          # message types for APIs to use.
+        {
+          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
+        },
+      ],
+      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
+          # user-facing error message should be localized and sent in the
+          # google.rpc.Status.details field, or localized by the client.
+      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
     },
     &quot;done&quot;: True or False, # If the value is `false`, it means the operation is still in progress.
         # If `true`, the operation is completed, and either `error` or `response` is
@@ -284,23 +295,11 @@
     &quot;name&quot;: &quot;A String&quot;, # The server-assigned name, which is only unique within the same service that
         # originally returns it. If you use the default HTTP mapping, the
         # `name` should be a resource name ending with `operations/{unique_id}`.
-    &quot;error&quot;: { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation.
-        # different programming environments, including REST APIs and RPC APIs. It is
-        # used by [gRPC](https://github.com/grpc). Each `Status` message contains
-        # three pieces of data: error code, error message, and error details.
-        #
-        # You can find out more about this error model and how to work with it in the
-        # [API Design Guide](https://cloud.google.com/apis/design/errors).
-      &quot;message&quot;: &quot;A String&quot;, # A developer-facing error message, which should be in English. Any
-          # user-facing error message should be localized and sent in the
-          # google.rpc.Status.details field, or localized by the client.
-      &quot;details&quot;: [ # A list of messages that carry the error details.  There is a common set of
-          # message types for APIs to use.
-        {
-          &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
-        },
-      ],
-      &quot;code&quot;: 42, # The status code, which should be an enum value of google.rpc.Code.
+    &quot;metadata&quot;: { # Service-specific metadata associated with the operation.  It typically
+        # contains progress information and common metadata such as create time.
+        # Some services might not provide such metadata.  Any method that returns a
+        # long-running operation should document the metadata type, if any.
+      &quot;a_key&quot;: &quot;&quot;, # Properties of the object. Contains field @type with type URL.
     },
   }</pre>
 </div>
@@ -375,13 +374,10 @@
     { # A Project is a high-level Google Cloud Platform entity.  It is a
         # container for ACLs, APIs, App Engine Apps, VMs, and other
         # Google Cloud Platform resources.
-      &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
-          # When present it must be between 4 to 30 characters.
-          # Allowed characters are: lowercase and uppercase letters, numbers,
-          # hyphen, single-quote, double-quote, space, and exclamation point.
+      &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
           #
-          # Example: &lt;code&gt;My Project&lt;/code&gt;
-          # Read-write.
+          # Example: &lt;code&gt;415104041262&lt;/code&gt;
+          # Read-only.
       &quot;projectId&quot;: &quot;A String&quot;, # The unique, user-assigned ID of the Project.
           # It must be 6 to 30 lowercase letters, digits, or hyphens.
           # It must start with a letter.
@@ -389,13 +385,36 @@
           #
           # Example: &lt;code&gt;tokyo-rain-123&lt;/code&gt;
           # Read-only after creation.
+      &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
+          #
+          # Read-only.
+      &quot;labels&quot;: { # The labels associated with this Project.
+          #
+          # Label keys must be between 1 and 63 characters long and must conform
+          # to the following regular expression: a-z{0,62}.
+          #
+          # Label values must be between 0 and 63 characters long and must conform
+          # to the regular expression [a-z0-9_-]{0,63}. A label value can be empty.
+          #
+          # No more than 256 labels can be associated with a given resource.
+          #
+          # Clients should store labels in a representation such as JSON that does not
+          # depend on specific characters being disallowed.
+          #
+          # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
+          # Read-write.
+        &quot;a_key&quot;: &quot;A String&quot;,
+      },
       &quot;lifecycleState&quot;: &quot;A String&quot;, # The Project lifecycle state.
           #
           # Read-only.
-      &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
+      &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
+          # When present it must be between 4 to 30 characters.
+          # Allowed characters are: lowercase and uppercase letters, numbers,
+          # hyphen, single-quote, double-quote, space, and exclamation point.
           #
-          # Example: &lt;code&gt;415104041262&lt;/code&gt;
-          # Read-only.
+          # Example: &lt;code&gt;My Project&lt;/code&gt;
+          # Read-write.
       &quot;parent&quot;: { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
           #
           # Supported parent types include &quot;organization&quot; and &quot;folder&quot;. Once set, the
@@ -412,27 +431,6 @@
         &quot;id&quot;: &quot;A String&quot;, # Required field for the type-specific id. This should correspond to the id
             # used in the type-specific API&#x27;s.
       },
-      &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
-          #
-          # Read-only.
-      &quot;labels&quot;: { # The labels associated with this Project.
-          #
-          # Label keys must be between 1 and 63 characters long and must conform
-          # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
-          #
-          # Label values must be between 0 and 63 characters long and must conform
-          # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label
-          # value can be empty.
-          #
-          # No more than 256 labels can be associated with a given resource.
-          #
-          # Clients should store labels in a representation such as JSON that does not
-          # depend on specific characters being disallowed.
-          #
-          # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
-          # Read-write.
-        &quot;a_key&quot;: &quot;A String&quot;,
-      },
     }</pre>
 </div>
 
@@ -463,7 +461,9 @@
 Returns:
   An object of the form:
 
-    { # Response from the GetAncestry method.
+    { # Response from the
+      # projects.getAncestry
+      # method.
     &quot;ancestor&quot;: [ # Ancestors are ordered from bottom to top of the resource hierarchy. The
         # first ancestor is the project itself, followed by the project&#x27;s parent,
         # etc..
@@ -509,6 +509,95 @@
 
     { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
       # for configurations of Cloud Platform resources.
+    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+        # resource.
+      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+          # configuration is acceptable.
+          #
+          # Suppose you have a `Constraint`
+          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
+          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+          # behavior:
+          #   - If the `Policy` at this resource has enforced set to `false`, serial
+          #     port connection attempts will be allowed.
+          #   - If the `Policy` at this resource has enforced set to `true`, serial
+          #     port connection attempts will be refused.
+          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
+          #     connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource or anywhere higher in the
+          #     resource hierarchy, serial port connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource, but one exists higher in the
+          #     resource hierarchy, the behavior is as if the`Policy` were set at
+          #     this resource.
+          #
+          # The following examples demonstrate the different possible layerings:
+          #
+          # Example 1 (nearest `Constraint` wins):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has no `Policy` set.
+          # The constraint at `projects/bar` and `organizations/foo` will not be
+          # enforced.
+          #
+          # Example 2 (enforcement gets replaced):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has a `Policy` with:
+          #     {enforced: true}
+          # The constraint at `organizations/foo` is not enforced.
+          # The constraint at `projects/bar` is enforced.
+          #
+          # Example 3 (RestoreDefault):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: true}
+          #   `projects/bar` has a `Policy` with:
+          #     {RestoreDefault: {}}
+          # The constraint at `organizations/foo` is enforced.
+          # The constraint at `projects/bar` is not enforced, because
+          # `constraint_default` for the `Constraint` is `ALLOW`.
+    },
+    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+        # `Constraint` type.
+        # `constraint_default` enforcement behavior of the specific `Constraint` at
+        # this resource.
+        #
+        # Suppose that `constraint_default` is set to `ALLOW` for the
+        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+        # foo.com sets a `Policy` at their Organization resource node that restricts
+        # the allowed service activations to deny all service activations. They
+        # could then set a `Policy` with the `policy_type` `restore_default` on
+        # several experimental projects, restoring the `constraint_default`
+        # enforcement of the `Constraint` for only those projects, allowing those
+        # projects to have all services activated.
+    },
+    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
+        # server, not specified by the caller, and represents the last time a call to
+        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+        # be ignored.
+    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
+    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
+        # concurrency control.
+        #
+        # When the `Policy` is returned from either a `GetPolicy` or a
+        # `ListOrgPolicy` request, this `etag` indicates the version of the current
+        # `Policy` to use when executing a read-modify-write loop.
+        #
+        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+        # `etag` will be unset.
+        #
+        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+        # that was returned from a `GetOrgPolicy` request as part of a
+        # read-modify-write loop for concurrency control. Not setting the `etag`in a
+        # `SetOrgPolicy` request will result in an unconditional write of the
+        # `Policy`.
+    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
+        # `constraints/serviceuser.services`.
+        #
+        # A [list of available
+        # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
+        # is available.
+        #
+        # Immutable after creation.
     &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
         # resource.
         #
@@ -531,7 +620,7 @@
         # values. If `all_values` is set to either `ALLOW` or `DENY`,
         # `allowed_values` and `denied_values` must be unset.
       &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
-      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
           # is set to `ALL_VALUES_UNSPECIFIED`.
         &quot;A String&quot;,
       ],
@@ -539,9 +628,13 @@
           # that matches the value specified in this `Policy`. If `suggested_value`
           # is not set, it will inherit the value specified higher in the hierarchy,
           # unless `inherit_from_parent` is `false`.
+      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+          # is set to `ALL_VALUES_UNSPECIFIED`.
+        &quot;A String&quot;,
+      ],
       &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
           #
-          # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+          # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
           # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
           # set to `true`, then the values from the effective `Policy` of the parent
           # resource are inherited, meaning the values set in this `Policy` are
@@ -636,95 +729,6 @@
           #   `projects/P3`.
           # The accepted values at `projects/bar` are `organizations/O1`,
           #   `folders/F1`, `projects/P1`.
-      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
-          # is set to `ALL_VALUES_UNSPECIFIED`.
-        &quot;A String&quot;,
-      ],
-    },
-    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
-        # concurrency control.
-        #
-        # When the `Policy` is returned from either a `GetPolicy` or a
-        # `ListOrgPolicy` request, this `etag` indicates the version of the current
-        # `Policy` to use when executing a read-modify-write loop.
-        #
-        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
-        # `etag` will be unset.
-        #
-        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
-        # that was returned from a `GetOrgPolicy` request as part of a
-        # read-modify-write loop for concurrency control. Not setting the `etag`in a
-        # `SetOrgPolicy` request will result in an unconditional write of the
-        # `Policy`.
-    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
-        # resource.
-      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
-          # configuration is acceptable.
-          #
-          # Suppose you have a `Constraint`
-          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
-          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
-          # behavior:
-          #   - If the `Policy` at this resource has enforced set to `false`, serial
-          #     port connection attempts will be allowed.
-          #   - If the `Policy` at this resource has enforced set to `true`, serial
-          #     port connection attempts will be refused.
-          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
-          #     connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource or anywhere higher in the
-          #     resource hierarchy, serial port connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource, but one exists higher in the
-          #     resource hierarchy, the behavior is as if the`Policy` were set at
-          #     this resource.
-          #
-          # The following examples demonstrate the different possible layerings:
-          #
-          # Example 1 (nearest `Constraint` wins):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has no `Policy` set.
-          # The constraint at `projects/bar` and `organizations/foo` will not be
-          # enforced.
-          #
-          # Example 2 (enforcement gets replaced):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has a `Policy` with:
-          #     {enforced: true}
-          # The constraint at `organizations/foo` is not enforced.
-          # The constraint at `projects/bar` is enforced.
-          #
-          # Example 3 (RestoreDefault):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: true}
-          #   `projects/bar` has a `Policy` with:
-          #     {RestoreDefault: {}}
-          # The constraint at `organizations/foo` is enforced.
-          # The constraint at `projects/bar` is not enforced, because
-          # `constraint_default` for the `Constraint` is `ALLOW`.
-    },
-    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
-        # `constraints/serviceuser.services`.
-        #
-        # Immutable after creation.
-    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
-        # server, not specified by the caller, and represents the last time a call to
-        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
-        # be ignored.
-    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
-    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
-        # `Constraint` type.
-        # `constraint_default` enforcement behavior of the specific `Constraint` at
-        # this resource.
-        #
-        # Suppose that `constraint_default` is set to `ALLOW` for the
-        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
-        # foo.com sets a `Policy` at their Organization resource node that restricts
-        # the allowed service activations to deny all service activations. They
-        # could then set a `Policy` with the `policy_type` `restore_default` on
-        # several experimental projects, restoring the `constraint_default`
-        # enforcement of the `Constraint` for only those projects, allowing those
-        # projects to have all services activated.
     },
   }</pre>
 </div>
@@ -737,8 +741,8 @@
 Authorization requires the Google IAM permission
 `resourcemanager.projects.getIamPolicy` on the project.
 
-For additional information about resource structure and identification,
-see [Resource Names](/apis/design/resource_names).
+For additional information about `resource` (e.g. my-project-id) structure
+and identification, see [Resource Names](/apis/design/resource_names).
 
 Args:
   resource: string, REQUIRED: The resource for which the policy is being requested.
@@ -839,18 +843,6 @@
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
     &quot;version&quot;: 42, # Specifies the format of the policy.
         #
         # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -875,6 +867,18 @@
         #
         # To learn which resources support conditions in their IAM policies, see the
         # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
     &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service.
           # The configuration determines which permission types are logged, and what
@@ -891,7 +895,7 @@
           #     {
           #       &quot;audit_configs&quot;: [
           #         {
-          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;service&quot;: &quot;allServices&quot;,
           #           &quot;audit_log_configs&quot;: [
           #             {
           #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
@@ -900,18 +904,18 @@
           #               ]
           #             },
           #             {
-          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
           #             },
           #             {
-          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
           #             }
           #           ]
           #         },
           #         {
-          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
           #           &quot;audit_log_configs&quot;: [
           #             {
-          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;
           #             },
           #             {
           #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
@@ -943,19 +947,19 @@
               #           ]
               #         },
               #         {
-              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
               #         }
               #       ]
               #     }
               #
               # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
               # jose@example.com from DATA_READ logging.
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
             &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
                 # permission.
                 # Follows the same format of Binding.members.
               &quot;A String&quot;,
             ],
-            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
           },
         ],
       },
@@ -964,6 +968,8 @@
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
         &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
             #
             # If the condition evaluates to `true`, then this binding applies to the
@@ -1009,12 +1015,12 @@
           &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
           &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
               # reporting, e.g. a file name and a position in the file.
           &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
               # describes the expression, e.g. when hovered over it in a UI.
-          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-              # syntax.
         },
         &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
@@ -1061,8 +1067,6 @@
             #
           &quot;A String&quot;,
         ],
-        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
   }</pre>
@@ -1096,6 +1100,95 @@
 
     { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
       # for configurations of Cloud Platform resources.
+    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+        # resource.
+      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+          # configuration is acceptable.
+          #
+          # Suppose you have a `Constraint`
+          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
+          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+          # behavior:
+          #   - If the `Policy` at this resource has enforced set to `false`, serial
+          #     port connection attempts will be allowed.
+          #   - If the `Policy` at this resource has enforced set to `true`, serial
+          #     port connection attempts will be refused.
+          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
+          #     connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource or anywhere higher in the
+          #     resource hierarchy, serial port connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource, but one exists higher in the
+          #     resource hierarchy, the behavior is as if the`Policy` were set at
+          #     this resource.
+          #
+          # The following examples demonstrate the different possible layerings:
+          #
+          # Example 1 (nearest `Constraint` wins):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has no `Policy` set.
+          # The constraint at `projects/bar` and `organizations/foo` will not be
+          # enforced.
+          #
+          # Example 2 (enforcement gets replaced):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has a `Policy` with:
+          #     {enforced: true}
+          # The constraint at `organizations/foo` is not enforced.
+          # The constraint at `projects/bar` is enforced.
+          #
+          # Example 3 (RestoreDefault):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: true}
+          #   `projects/bar` has a `Policy` with:
+          #     {RestoreDefault: {}}
+          # The constraint at `organizations/foo` is enforced.
+          # The constraint at `projects/bar` is not enforced, because
+          # `constraint_default` for the `Constraint` is `ALLOW`.
+    },
+    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+        # `Constraint` type.
+        # `constraint_default` enforcement behavior of the specific `Constraint` at
+        # this resource.
+        #
+        # Suppose that `constraint_default` is set to `ALLOW` for the
+        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+        # foo.com sets a `Policy` at their Organization resource node that restricts
+        # the allowed service activations to deny all service activations. They
+        # could then set a `Policy` with the `policy_type` `restore_default` on
+        # several experimental projects, restoring the `constraint_default`
+        # enforcement of the `Constraint` for only those projects, allowing those
+        # projects to have all services activated.
+    },
+    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
+        # server, not specified by the caller, and represents the last time a call to
+        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+        # be ignored.
+    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
+    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
+        # concurrency control.
+        #
+        # When the `Policy` is returned from either a `GetPolicy` or a
+        # `ListOrgPolicy` request, this `etag` indicates the version of the current
+        # `Policy` to use when executing a read-modify-write loop.
+        #
+        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+        # `etag` will be unset.
+        #
+        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+        # that was returned from a `GetOrgPolicy` request as part of a
+        # read-modify-write loop for concurrency control. Not setting the `etag`in a
+        # `SetOrgPolicy` request will result in an unconditional write of the
+        # `Policy`.
+    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
+        # `constraints/serviceuser.services`.
+        #
+        # A [list of available
+        # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
+        # is available.
+        #
+        # Immutable after creation.
     &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
         # resource.
         #
@@ -1118,7 +1211,7 @@
         # values. If `all_values` is set to either `ALLOW` or `DENY`,
         # `allowed_values` and `denied_values` must be unset.
       &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
-      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
           # is set to `ALL_VALUES_UNSPECIFIED`.
         &quot;A String&quot;,
       ],
@@ -1126,9 +1219,13 @@
           # that matches the value specified in this `Policy`. If `suggested_value`
           # is not set, it will inherit the value specified higher in the hierarchy,
           # unless `inherit_from_parent` is `false`.
+      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+          # is set to `ALL_VALUES_UNSPECIFIED`.
+        &quot;A String&quot;,
+      ],
       &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
           #
-          # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+          # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
           # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
           # set to `true`, then the values from the effective `Policy` of the parent
           # resource are inherited, meaning the values set in this `Policy` are
@@ -1223,101 +1320,12 @@
           #   `projects/P3`.
           # The accepted values at `projects/bar` are `organizations/O1`,
           #   `folders/F1`, `projects/P1`.
-      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
-          # is set to `ALL_VALUES_UNSPECIFIED`.
-        &quot;A String&quot;,
-      ],
-    },
-    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
-        # concurrency control.
-        #
-        # When the `Policy` is returned from either a `GetPolicy` or a
-        # `ListOrgPolicy` request, this `etag` indicates the version of the current
-        # `Policy` to use when executing a read-modify-write loop.
-        #
-        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
-        # `etag` will be unset.
-        #
-        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
-        # that was returned from a `GetOrgPolicy` request as part of a
-        # read-modify-write loop for concurrency control. Not setting the `etag`in a
-        # `SetOrgPolicy` request will result in an unconditional write of the
-        # `Policy`.
-    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
-        # resource.
-      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
-          # configuration is acceptable.
-          #
-          # Suppose you have a `Constraint`
-          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
-          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
-          # behavior:
-          #   - If the `Policy` at this resource has enforced set to `false`, serial
-          #     port connection attempts will be allowed.
-          #   - If the `Policy` at this resource has enforced set to `true`, serial
-          #     port connection attempts will be refused.
-          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
-          #     connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource or anywhere higher in the
-          #     resource hierarchy, serial port connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource, but one exists higher in the
-          #     resource hierarchy, the behavior is as if the`Policy` were set at
-          #     this resource.
-          #
-          # The following examples demonstrate the different possible layerings:
-          #
-          # Example 1 (nearest `Constraint` wins):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has no `Policy` set.
-          # The constraint at `projects/bar` and `organizations/foo` will not be
-          # enforced.
-          #
-          # Example 2 (enforcement gets replaced):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has a `Policy` with:
-          #     {enforced: true}
-          # The constraint at `organizations/foo` is not enforced.
-          # The constraint at `projects/bar` is enforced.
-          #
-          # Example 3 (RestoreDefault):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: true}
-          #   `projects/bar` has a `Policy` with:
-          #     {RestoreDefault: {}}
-          # The constraint at `organizations/foo` is enforced.
-          # The constraint at `projects/bar` is not enforced, because
-          # `constraint_default` for the `Constraint` is `ALLOW`.
-    },
-    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
-        # `constraints/serviceuser.services`.
-        #
-        # Immutable after creation.
-    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
-        # server, not specified by the caller, and represents the last time a call to
-        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
-        # be ignored.
-    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
-    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
-        # `Constraint` type.
-        # `constraint_default` enforcement behavior of the specific `Constraint` at
-        # this resource.
-        #
-        # Suppose that `constraint_default` is set to `ALLOW` for the
-        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
-        # foo.com sets a `Policy` at their Organization resource node that restricts
-        # the allowed service activations to deny all service activations. They
-        # could then set a `Policy` with the `policy_type` `restore_default` on
-        # several experimental projects, restoring the `constraint_default`
-        # enforcement of the `Constraint` for only those projects, allowing those
-        # projects to have all services activated.
     },
   }</pre>
 </div>
 
 <div class="method">
-    <code class="details" id="list">list(pageToken=None, pageSize=None, filter=None, x__xgafv=None)</code>
+    <code class="details" id="list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</code>
   <pre>Lists Projects that the caller has the `resourcemanager.projects.get`
 permission on and satisfy the specified filter.
 
@@ -1336,25 +1344,22 @@
 difference.
 
 Args:
-  pageToken: string, A pagination token returned from a previous call to ListProjects
-that indicates from where listing should continue.
-
-Optional.
   pageSize: integer, The maximum number of Projects to return in the response.
 The server can return fewer Projects than requested.
 If unspecified, server picks an appropriate default.
 
 Optional.
   filter: string, An expression for filtering the results of the request.  Filter rules are
-case insensitive. The fields eligible for filtering are:
+case insensitive. Some eligible fields for filtering are:
 
 + `name`
 + `id`
 + `labels.&lt;key&gt;` (where *key* is the name of a label)
 + `parent.type`
 + `parent.id`
++ `lifecycleState`
 
-Some examples of using labels as filters:
+Some examples of filter strings:
 
 | Filter           | Description                                         |
 |------------------|-----------------------------------------------------|
@@ -1364,8 +1369,12 @@
 | NAME:howl        | Equivalent to above.                                |
 | labels.color:*   | The project has the label `color`.                  |
 | labels.color:red | The project&#x27;s label `color` has the value `red`.    |
-| labels.color:red&amp;nbsp;labels.size:big |The project&#x27;s label `color` has
-  the value `red` and its label `size` has the value `big`.              |
+| labels.color:red&amp;nbsp;labels.size:big | The project&#x27;s label `color`    |
+:                                       : has the value `red` and its    :
+:                                       : label`size` has the value      :
+:                                       : `big`.                         :
+| lifecycleState:DELETE_REQUESTED       | Only show projects that are    |
+:                                       : pending deletion.              :
 
 If no filter is specified, the call will return projects for which the user
 has the `resourcemanager.projects.get` permission.
@@ -1378,6 +1387,10 @@
 search index is used which provides more consistent results.
 
 Optional.
+  pageToken: string, A pagination token returned from a previous call to ListProjects
+that indicates from where listing should continue.
+
+Optional.
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -1393,18 +1406,26 @@
       # A paginated response where more pages are available has
       # `next_page_token` set. This token can be used in a subsequent request to
       # retrieve the next request page.
+    &quot;nextPageToken&quot;: &quot;A String&quot;, # Pagination token.
+        #
+        # If the result set is too large to fit in a single response, this token
+        # is returned. It encodes the position of the current result cursor.
+        # Feeding this value into a new list request with the `page_token` parameter
+        # gives the next page of the results.
+        #
+        # When `next_page_token` is not filled in, there is no next page and
+        # the list returned is the last page in the result set.
+        #
+        # Pagination tokens have a limited lifetime.
     &quot;projects&quot;: [ # The list of Projects that matched the list filter. This list can
         # be paginated.
       { # A Project is a high-level Google Cloud Platform entity.  It is a
             # container for ACLs, APIs, App Engine Apps, VMs, and other
             # Google Cloud Platform resources.
-          &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
-              # When present it must be between 4 to 30 characters.
-              # Allowed characters are: lowercase and uppercase letters, numbers,
-              # hyphen, single-quote, double-quote, space, and exclamation point.
+          &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
               #
-              # Example: &lt;code&gt;My Project&lt;/code&gt;
-              # Read-write.
+              # Example: &lt;code&gt;415104041262&lt;/code&gt;
+              # Read-only.
           &quot;projectId&quot;: &quot;A String&quot;, # The unique, user-assigned ID of the Project.
               # It must be 6 to 30 lowercase letters, digits, or hyphens.
               # It must start with a letter.
@@ -1412,13 +1433,36 @@
               #
               # Example: &lt;code&gt;tokyo-rain-123&lt;/code&gt;
               # Read-only after creation.
+          &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
+              #
+              # Read-only.
+          &quot;labels&quot;: { # The labels associated with this Project.
+              #
+              # Label keys must be between 1 and 63 characters long and must conform
+              # to the following regular expression: a-z{0,62}.
+              #
+              # Label values must be between 0 and 63 characters long and must conform
+              # to the regular expression [a-z0-9_-]{0,63}. A label value can be empty.
+              #
+              # No more than 256 labels can be associated with a given resource.
+              #
+              # Clients should store labels in a representation such as JSON that does not
+              # depend on specific characters being disallowed.
+              #
+              # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
+              # Read-write.
+            &quot;a_key&quot;: &quot;A String&quot;,
+          },
           &quot;lifecycleState&quot;: &quot;A String&quot;, # The Project lifecycle state.
               #
               # Read-only.
-          &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
+          &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
+              # When present it must be between 4 to 30 characters.
+              # Allowed characters are: lowercase and uppercase letters, numbers,
+              # hyphen, single-quote, double-quote, space, and exclamation point.
               #
-              # Example: &lt;code&gt;415104041262&lt;/code&gt;
-              # Read-only.
+              # Example: &lt;code&gt;My Project&lt;/code&gt;
+              # Read-write.
           &quot;parent&quot;: { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
               #
               # Supported parent types include &quot;organization&quot; and &quot;folder&quot;. Once set, the
@@ -1435,40 +1479,8 @@
             &quot;id&quot;: &quot;A String&quot;, # Required field for the type-specific id. This should correspond to the id
                 # used in the type-specific API&#x27;s.
           },
-          &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
-              #
-              # Read-only.
-          &quot;labels&quot;: { # The labels associated with this Project.
-              #
-              # Label keys must be between 1 and 63 characters long and must conform
-              # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
-              #
-              # Label values must be between 0 and 63 characters long and must conform
-              # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label
-              # value can be empty.
-              #
-              # No more than 256 labels can be associated with a given resource.
-              #
-              # Clients should store labels in a representation such as JSON that does not
-              # depend on specific characters being disallowed.
-              #
-              # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
-              # Read-write.
-            &quot;a_key&quot;: &quot;A String&quot;,
-          },
         },
     ],
-    &quot;nextPageToken&quot;: &quot;A String&quot;, # Pagination token.
-        #
-        # If the result set is too large to fit in a single response, this token
-        # is returned. It encodes the position of the current result cursor.
-        # Feeding this value into a new list request with the `page_token` parameter
-        # gives the next page of the results.
-        #
-        # When `next_page_token` is not filled in, there is no next page and
-        # the list returned is the last page in the result set.
-        #
-        # Pagination tokens have a limited lifetime.
   }</pre>
 </div>
 
@@ -1481,8 +1493,8 @@
   body: object, The request body.
     The object takes the form of:
 
-{ # The request sent to the [ListAvailableOrgPolicyConstraints]
-      # google.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method.
+{ # The request sent to the `ListAvailableOrgPolicyConstraints` method on the
+      # project, folder, or organization.
     &quot;pageToken&quot;: &quot;A String&quot;, # Page token used to retrieve the next page. This is currently unsupported
         # and will be ignored. The server may at any point start using this field.
     &quot;pageSize&quot;: 42, # Size of the pages to be returned. This is currently unsupported and will
@@ -1498,7 +1510,7 @@
 Returns:
   An object of the form:
 
-    { # The response returned from the ListAvailableOrgPolicyConstraints method.
+    { # The response returned from the `ListAvailableOrgPolicyConstraints` method.
       # Returns all `Constraints` that could be set at this level of the hierarchy
       # (contrast with the response from `ListPolicies`, which returns all policies
       # which are set).
@@ -1507,18 +1519,28 @@
           # restricted. For example, it controls which cloud services can be activated
           # across an organization, or whether a Compute Engine instance can have
           # serial port connections established. `Constraints` can be configured by the
-          # organization&#x27;s policy adminstrator to fit the needs of the organzation by
+          # organization&#x27;s policy administrator to fit the needs of the organzation by
           # setting Policies for `Constraints` at different locations in the
           # organization&#x27;s resource hierarchy. Policies are inherited down the resource
           # hierarchy from higher levels, but can also be overridden. For details about
           # the inheritance rules please read about
-          # Policies.
+          # [Policies](/resource-manager/reference/rest/v1/Policy).
           #
           # `Constraints` have a default behavior determined by the `constraint_default`
           # field, which is the enforcement behavior that is used in the absence of a
           # `Policy` being defined or inherited for the resource in question.
+        &quot;booleanConstraint&quot;: { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint.
+            #
+            # For example a constraint `constraints/compute.disableSerialPortAccess`.
+            # If it is enforced on a VM instance, serial port connections will not be
+            # opened to that instance.
+        },
         &quot;name&quot;: &quot;A String&quot;, # Immutable value, required to globally be unique. For example,
             # `constraints/serviceuser.services`
+        &quot;displayName&quot;: &quot;A String&quot;, # The human readable name.
+            #
+            # Mutable.
+        &quot;version&quot;: 42, # Version of the `Constraint`. Default version is 0;
         &quot;listConstraint&quot;: { # A `Constraint` that allows or disallows a list of string values, which are # Defines this constraint as being a ListConstraint.
             # configured by an Organization&#x27;s policy administrator with a `Policy`.
           &quot;suggestedValue&quot;: &quot;A String&quot;, # Optional. The Google Cloud Console will try to default to a configuration
@@ -1528,21 +1550,11 @@
               # example, `&quot;under:folders/123&quot;` would match any resource under the
               # &#x27;folders/123&#x27; folder.
         },
-        &quot;version&quot;: 42, # Version of the `Constraint`. Default version is 0;
+        &quot;constraintDefault&quot;: &quot;A String&quot;, # The evaluation behavior of this constraint in the absence of &#x27;Policy&#x27;.
         &quot;description&quot;: &quot;A String&quot;, # Detailed description of what this `Constraint` controls as well as how and
             # where it is enforced.
             #
             # Mutable.
-        &quot;displayName&quot;: &quot;A String&quot;, # The human readable name.
-            #
-            # Mutable.
-        &quot;booleanConstraint&quot;: { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint.
-            #
-            # For example a constraint `constraints/compute.disableSerialPortAccess`.
-            # If it is enforced on a VM instance, serial port connections will not be
-            # opened to that instance.
-        },
-        &quot;constraintDefault&quot;: &quot;A String&quot;, # The evaluation behavior of this constraint in the absense of &#x27;Policy&#x27;.
       },
     ],
     &quot;nextPageToken&quot;: &quot;A String&quot;, # Page token used to retrieve the next page. This is currently not used.
@@ -1573,11 +1585,11 @@
     The object takes the form of:
 
 { # The request sent to the ListOrgPolicies method.
-    &quot;pageToken&quot;: &quot;A String&quot;, # Page token used to retrieve the next page. This is currently unsupported
-        # and will be ignored. The server may at any point start using this field.
     &quot;pageSize&quot;: 42, # Size of the pages to be returned. This is currently unsupported and will
         # be ignored. The server may at any point start using this field to limit
         # page size.
+    &quot;pageToken&quot;: &quot;A String&quot;, # Page token used to retrieve the next page. This is currently unsupported
+        # and will be ignored. The server may at any point start using this field.
   }
 
   x__xgafv: string, V1 error format.
@@ -1588,7 +1600,7 @@
 Returns:
   An object of the form:
 
-    { # The response returned from the ListOrgPolicies method. It will be empty
+    { # The response returned from the `ListOrgPolicies` method. It will be empty
       # if no `Policies` are set on the resource.
     &quot;nextPageToken&quot;: &quot;A String&quot;, # Page token used to retrieve the next page. This is currently not used, but
         # the server may at any point start supplying a valid token.
@@ -1596,6 +1608,95 @@
         # `Policies` are set.
       { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
           # for configurations of Cloud Platform resources.
+        &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+            # resource.
+          &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+              # configuration is acceptable.
+              #
+              # Suppose you have a `Constraint`
+              # `constraints/compute.disableSerialPortAccess` with `constraint_default`
+              # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+              # behavior:
+              #   - If the `Policy` at this resource has enforced set to `false`, serial
+              #     port connection attempts will be allowed.
+              #   - If the `Policy` at this resource has enforced set to `true`, serial
+              #     port connection attempts will be refused.
+              #   - If the `Policy` at this resource is `RestoreDefault`, serial port
+              #     connection attempts will be allowed.
+              #   - If no `Policy` is set at this resource or anywhere higher in the
+              #     resource hierarchy, serial port connection attempts will be allowed.
+              #   - If no `Policy` is set at this resource, but one exists higher in the
+              #     resource hierarchy, the behavior is as if the`Policy` were set at
+              #     this resource.
+              #
+              # The following examples demonstrate the different possible layerings:
+              #
+              # Example 1 (nearest `Constraint` wins):
+              #   `organizations/foo` has a `Policy` with:
+              #     {enforced: false}
+              #   `projects/bar` has no `Policy` set.
+              # The constraint at `projects/bar` and `organizations/foo` will not be
+              # enforced.
+              #
+              # Example 2 (enforcement gets replaced):
+              #   `organizations/foo` has a `Policy` with:
+              #     {enforced: false}
+              #   `projects/bar` has a `Policy` with:
+              #     {enforced: true}
+              # The constraint at `organizations/foo` is not enforced.
+              # The constraint at `projects/bar` is enforced.
+              #
+              # Example 3 (RestoreDefault):
+              #   `organizations/foo` has a `Policy` with:
+              #     {enforced: true}
+              #   `projects/bar` has a `Policy` with:
+              #     {RestoreDefault: {}}
+              # The constraint at `organizations/foo` is enforced.
+              # The constraint at `projects/bar` is not enforced, because
+              # `constraint_default` for the `Constraint` is `ALLOW`.
+        },
+        &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+            # `Constraint` type.
+            # `constraint_default` enforcement behavior of the specific `Constraint` at
+            # this resource.
+            #
+            # Suppose that `constraint_default` is set to `ALLOW` for the
+            # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+            # foo.com sets a `Policy` at their Organization resource node that restricts
+            # the allowed service activations to deny all service activations. They
+            # could then set a `Policy` with the `policy_type` `restore_default` on
+            # several experimental projects, restoring the `constraint_default`
+            # enforcement of the `Constraint` for only those projects, allowing those
+            # projects to have all services activated.
+        },
+        &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
+            # server, not specified by the caller, and represents the last time a call to
+            # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+            # be ignored.
+        &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
+        &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
+            # concurrency control.
+            #
+            # When the `Policy` is returned from either a `GetPolicy` or a
+            # `ListOrgPolicy` request, this `etag` indicates the version of the current
+            # `Policy` to use when executing a read-modify-write loop.
+            #
+            # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+            # `etag` will be unset.
+            #
+            # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+            # that was returned from a `GetOrgPolicy` request as part of a
+            # read-modify-write loop for concurrency control. Not setting the `etag`in a
+            # `SetOrgPolicy` request will result in an unconditional write of the
+            # `Policy`.
+        &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
+            # `constraints/serviceuser.services`.
+            #
+            # A [list of available
+            # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
+            # is available.
+            #
+            # Immutable after creation.
         &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
             # resource.
             #
@@ -1618,7 +1719,7 @@
             # values. If `all_values` is set to either `ALLOW` or `DENY`,
             # `allowed_values` and `denied_values` must be unset.
           &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
-          &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+          &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
               # is set to `ALL_VALUES_UNSPECIFIED`.
             &quot;A String&quot;,
           ],
@@ -1626,9 +1727,13 @@
               # that matches the value specified in this `Policy`. If `suggested_value`
               # is not set, it will inherit the value specified higher in the hierarchy,
               # unless `inherit_from_parent` is `false`.
+          &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+              # is set to `ALL_VALUES_UNSPECIFIED`.
+            &quot;A String&quot;,
+          ],
           &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
               #
-              # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+              # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
               # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
               # set to `true`, then the values from the effective `Policy` of the parent
               # resource are inherited, meaning the values set in this `Policy` are
@@ -1723,95 +1828,6 @@
               #   `projects/P3`.
               # The accepted values at `projects/bar` are `organizations/O1`,
               #   `folders/F1`, `projects/P1`.
-          &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
-              # is set to `ALL_VALUES_UNSPECIFIED`.
-            &quot;A String&quot;,
-          ],
-        },
-        &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
-            # concurrency control.
-            #
-            # When the `Policy` is returned from either a `GetPolicy` or a
-            # `ListOrgPolicy` request, this `etag` indicates the version of the current
-            # `Policy` to use when executing a read-modify-write loop.
-            #
-            # When the `Policy` is returned from a `GetEffectivePolicy` request, the
-            # `etag` will be unset.
-            #
-            # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
-            # that was returned from a `GetOrgPolicy` request as part of a
-            # read-modify-write loop for concurrency control. Not setting the `etag`in a
-            # `SetOrgPolicy` request will result in an unconditional write of the
-            # `Policy`.
-        &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
-            # resource.
-          &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
-              # configuration is acceptable.
-              #
-              # Suppose you have a `Constraint`
-              # `constraints/compute.disableSerialPortAccess` with `constraint_default`
-              # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
-              # behavior:
-              #   - If the `Policy` at this resource has enforced set to `false`, serial
-              #     port connection attempts will be allowed.
-              #   - If the `Policy` at this resource has enforced set to `true`, serial
-              #     port connection attempts will be refused.
-              #   - If the `Policy` at this resource is `RestoreDefault`, serial port
-              #     connection attempts will be allowed.
-              #   - If no `Policy` is set at this resource or anywhere higher in the
-              #     resource hierarchy, serial port connection attempts will be allowed.
-              #   - If no `Policy` is set at this resource, but one exists higher in the
-              #     resource hierarchy, the behavior is as if the`Policy` were set at
-              #     this resource.
-              #
-              # The following examples demonstrate the different possible layerings:
-              #
-              # Example 1 (nearest `Constraint` wins):
-              #   `organizations/foo` has a `Policy` with:
-              #     {enforced: false}
-              #   `projects/bar` has no `Policy` set.
-              # The constraint at `projects/bar` and `organizations/foo` will not be
-              # enforced.
-              #
-              # Example 2 (enforcement gets replaced):
-              #   `organizations/foo` has a `Policy` with:
-              #     {enforced: false}
-              #   `projects/bar` has a `Policy` with:
-              #     {enforced: true}
-              # The constraint at `organizations/foo` is not enforced.
-              # The constraint at `projects/bar` is enforced.
-              #
-              # Example 3 (RestoreDefault):
-              #   `organizations/foo` has a `Policy` with:
-              #     {enforced: true}
-              #   `projects/bar` has a `Policy` with:
-              #     {RestoreDefault: {}}
-              # The constraint at `organizations/foo` is enforced.
-              # The constraint at `projects/bar` is not enforced, because
-              # `constraint_default` for the `Constraint` is `ALLOW`.
-        },
-        &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
-            # `constraints/serviceuser.services`.
-            #
-            # Immutable after creation.
-        &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
-            # server, not specified by the caller, and represents the last time a call to
-            # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
-            # be ignored.
-        &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
-        &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
-            # `Constraint` type.
-            # `constraint_default` enforcement behavior of the specific `Constraint` at
-            # this resource.
-            #
-            # Suppose that `constraint_default` is set to `ALLOW` for the
-            # `Constraint` `constraints/serviceuser.services`. Suppose that organization
-            # foo.com sets a `Policy` at their Organization resource node that restricts
-            # the allowed service activations to deny all service activations. They
-            # could then set a `Policy` with the `policy_type` `restore_default` on
-            # several experimental projects, restoring the `constraint_default`
-            # enforcement of the `Constraint` for only those projects, allowing those
-            # projects to have all services activated.
         },
       },
     ],
@@ -1848,8 +1864,17 @@
 
 <div class="method">
     <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code>
-  <pre>Sets the IAM access control policy for the specified Project. Overwrites
-any existing policy.
+  <pre>Sets the IAM access control policy for the specified Project.
+
+CAUTION: This method will replace the existing policy, and cannot be used
+to append additional IAM settings.
+
+NOTE: Removing service accounts from policies or changing their roles can
+render services completely inoperable. It is important to understand how
+the service account is being used before removing or updating its roles.
+
+For additional information about `resource` (e.g. my-project-id) structure
+and identification, see [Resource Names](/apis/design/resource_names).
 
 The following constraints apply when using `setIamPolicy()`:
 
@@ -1887,14 +1912,6 @@
 IAM policies will be rejected until the lack of a ToS-accepting owner is
 rectified.
 
-+ This method will replace the existing policy, and cannot be used to
-append additional IAM settings.
-
-Note: Removing service accounts from policies or changing their roles
-can render services completely inoperable. It is important to understand
-how the service account is being used before removing or updating its
-roles.
-
 Authorization requires the Google IAM permission
 `resourcemanager.projects.setIamPolicy` on the project
 
@@ -1975,18 +1992,6 @@
         #
         # For a description of IAM and its features, see the
         # [IAM documentation](https://cloud.google.com/iam/docs/).
-      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-          # prevent simultaneous updates of a policy from overwriting each other.
-          # It is strongly suggested that systems make use of the `etag` in the
-          # read-modify-write cycle to perform policy updates in order to avoid race
-          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-          # systems are expected to put that etag in the request to `setIamPolicy` to
-          # ensure that their change will be applied to the same version of the policy.
-          #
-          # **Important:** If you use IAM Conditions, you must include the `etag` field
-          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-          # you to overwrite a version `3` policy with a version `1` policy, and all of
-          # the conditions in the version `3` policy are lost.
       &quot;version&quot;: 42, # Specifies the format of the policy.
           #
           # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -2011,6 +2016,18 @@
           #
           # To learn which resources support conditions in their IAM policies, see the
           # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+      &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+          # prevent simultaneous updates of a policy from overwriting each other.
+          # It is strongly suggested that systems make use of the `etag` in the
+          # read-modify-write cycle to perform policy updates in order to avoid race
+          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+          # systems are expected to put that etag in the request to `setIamPolicy` to
+          # ensure that their change will be applied to the same version of the policy.
+          #
+          # **Important:** If you use IAM Conditions, you must include the `etag` field
+          # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+          # you to overwrite a version `3` policy with a version `1` policy, and all of
+          # the conditions in the version `3` policy are lost.
       &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
         { # Specifies the audit configuration for a service.
             # The configuration determines which permission types are logged, and what
@@ -2027,7 +2044,7 @@
             #     {
             #       &quot;audit_configs&quot;: [
             #         {
-            #           &quot;service&quot;: &quot;allServices&quot;
+            #           &quot;service&quot;: &quot;allServices&quot;,
             #           &quot;audit_log_configs&quot;: [
             #             {
             #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
@@ -2036,18 +2053,18 @@
             #               ]
             #             },
             #             {
-            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+            #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
             #             },
             #             {
-            #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+            #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
             #             }
             #           ]
             #         },
             #         {
-            #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+            #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
             #           &quot;audit_log_configs&quot;: [
             #             {
-            #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+            #               &quot;log_type&quot;: &quot;DATA_READ&quot;
             #             },
             #             {
             #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
@@ -2079,19 +2096,19 @@
                 #           ]
                 #         },
                 #         {
-                #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+                #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
                 #         }
                 #       ]
                 #     }
                 #
                 # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
                 # jose@example.com from DATA_READ logging.
+              &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
               &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
                   # permission.
                   # Follows the same format of Binding.members.
                 &quot;A String&quot;,
               ],
-              &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
             },
           ],
         },
@@ -2100,6 +2117,8 @@
           # `condition` that determines how and when the `bindings` are applied. Each
           # of the `bindings` must contain at least one member.
         { # Associates `members` with a `role`.
+          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
           &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
               #
               # If the condition evaluates to `true`, then this binding applies to the
@@ -2145,12 +2164,12 @@
             &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
                 # its purpose. This can be used e.g. in UIs which allow to enter the
                 # expression.
+            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+                # syntax.
             &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
                 # reporting, e.g. a file name and a position in the file.
             &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
                 # describes the expression, e.g. when hovered over it in a UI.
-            &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-                # syntax.
           },
           &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
               # `members` can have the following values:
@@ -2197,8 +2216,6 @@
               #
             &quot;A String&quot;,
           ],
-          &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
         },
       ],
     },
@@ -2284,18 +2301,6 @@
       #
       # For a description of IAM and its features, see the
       # [IAM documentation](https://cloud.google.com/iam/docs/).
-    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
-        # prevent simultaneous updates of a policy from overwriting each other.
-        # It is strongly suggested that systems make use of the `etag` in the
-        # read-modify-write cycle to perform policy updates in order to avoid race
-        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
-        # systems are expected to put that etag in the request to `setIamPolicy` to
-        # ensure that their change will be applied to the same version of the policy.
-        #
-        # **Important:** If you use IAM Conditions, you must include the `etag` field
-        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
-        # you to overwrite a version `3` policy with a version `1` policy, and all of
-        # the conditions in the version `3` policy are lost.
     &quot;version&quot;: 42, # Specifies the format of the policy.
         #
         # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
@@ -2320,6 +2325,18 @@
         #
         # To learn which resources support conditions in their IAM policies, see the
         # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+    &quot;etag&quot;: &quot;A String&quot;, # `etag` is used for optimistic concurrency control as a way to help
+        # prevent simultaneous updates of a policy from overwriting each other.
+        # It is strongly suggested that systems make use of the `etag` in the
+        # read-modify-write cycle to perform policy updates in order to avoid race
+        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
+        # systems are expected to put that etag in the request to `setIamPolicy` to
+        # ensure that their change will be applied to the same version of the policy.
+        #
+        # **Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
+        # you to overwrite a version `3` policy with a version `1` policy, and all of
+        # the conditions in the version `3` policy are lost.
     &quot;auditConfigs&quot;: [ # Specifies cloud audit logging configuration for this policy.
       { # Specifies the audit configuration for a service.
           # The configuration determines which permission types are logged, and what
@@ -2336,7 +2353,7 @@
           #     {
           #       &quot;audit_configs&quot;: [
           #         {
-          #           &quot;service&quot;: &quot;allServices&quot;
+          #           &quot;service&quot;: &quot;allServices&quot;,
           #           &quot;audit_log_configs&quot;: [
           #             {
           #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
@@ -2345,18 +2362,18 @@
           #               ]
           #             },
           #             {
-          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+          #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;
           #             },
           #             {
-          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;,
+          #               &quot;log_type&quot;: &quot;ADMIN_READ&quot;
           #             }
           #           ]
           #         },
           #         {
-          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;
+          #           &quot;service&quot;: &quot;sampleservice.googleapis.com&quot;,
           #           &quot;audit_log_configs&quot;: [
           #             {
-          #               &quot;log_type&quot;: &quot;DATA_READ&quot;,
+          #               &quot;log_type&quot;: &quot;DATA_READ&quot;
           #             },
           #             {
           #               &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
@@ -2388,19 +2405,19 @@
               #           ]
               #         },
               #         {
-              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;,
+              #           &quot;log_type&quot;: &quot;DATA_WRITE&quot;
               #         }
               #       ]
               #     }
               #
               # This enables &#x27;DATA_READ&#x27; and &#x27;DATA_WRITE&#x27; logging, while exempting
               # jose@example.com from DATA_READ logging.
+            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
             &quot;exemptedMembers&quot;: [ # Specifies the identities that do not cause logging for this type of
                 # permission.
                 # Follows the same format of Binding.members.
               &quot;A String&quot;,
             ],
-            &quot;logType&quot;: &quot;A String&quot;, # The log type that this config enables.
           },
         ],
       },
@@ -2409,6 +2426,8 @@
         # `condition` that determines how and when the `bindings` are applied. Each
         # of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
+        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
+            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
         &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding.
             #
             # If the condition evaluates to `true`, then this binding applies to the
@@ -2454,12 +2473,12 @@
           &quot;title&quot;: &quot;A String&quot;, # Optional. Title for the expression, i.e. a short string describing
               # its purpose. This can be used e.g. in UIs which allow to enter the
               # expression.
+          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
+              # syntax.
           &quot;location&quot;: &quot;A String&quot;, # Optional. String indicating the location of the expression for error
               # reporting, e.g. a file name and a position in the file.
           &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which
               # describes the expression, e.g. when hovered over it in a UI.
-          &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language
-              # syntax.
         },
         &quot;members&quot;: [ # Specifies the identities requesting access for a Cloud Platform resource.
             # `members` can have the following values:
@@ -2506,8 +2525,6 @@
             #
           &quot;A String&quot;,
         ],
-        &quot;role&quot;: &quot;A String&quot;, # Role that is assigned to `members`.
-            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       },
     ],
   }</pre>
@@ -2529,6 +2546,95 @@
 { # The request sent to the SetOrgPolicyRequest method.
     &quot;policy&quot;: { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource.
         # for configurations of Cloud Platform resources.
+      &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+          # resource.
+        &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+            # configuration is acceptable.
+            #
+            # Suppose you have a `Constraint`
+            # `constraints/compute.disableSerialPortAccess` with `constraint_default`
+            # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+            # behavior:
+            #   - If the `Policy` at this resource has enforced set to `false`, serial
+            #     port connection attempts will be allowed.
+            #   - If the `Policy` at this resource has enforced set to `true`, serial
+            #     port connection attempts will be refused.
+            #   - If the `Policy` at this resource is `RestoreDefault`, serial port
+            #     connection attempts will be allowed.
+            #   - If no `Policy` is set at this resource or anywhere higher in the
+            #     resource hierarchy, serial port connection attempts will be allowed.
+            #   - If no `Policy` is set at this resource, but one exists higher in the
+            #     resource hierarchy, the behavior is as if the`Policy` were set at
+            #     this resource.
+            #
+            # The following examples demonstrate the different possible layerings:
+            #
+            # Example 1 (nearest `Constraint` wins):
+            #   `organizations/foo` has a `Policy` with:
+            #     {enforced: false}
+            #   `projects/bar` has no `Policy` set.
+            # The constraint at `projects/bar` and `organizations/foo` will not be
+            # enforced.
+            #
+            # Example 2 (enforcement gets replaced):
+            #   `organizations/foo` has a `Policy` with:
+            #     {enforced: false}
+            #   `projects/bar` has a `Policy` with:
+            #     {enforced: true}
+            # The constraint at `organizations/foo` is not enforced.
+            # The constraint at `projects/bar` is enforced.
+            #
+            # Example 3 (RestoreDefault):
+            #   `organizations/foo` has a `Policy` with:
+            #     {enforced: true}
+            #   `projects/bar` has a `Policy` with:
+            #     {RestoreDefault: {}}
+            # The constraint at `organizations/foo` is enforced.
+            # The constraint at `projects/bar` is not enforced, because
+            # `constraint_default` for the `Constraint` is `ALLOW`.
+      },
+      &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+          # `Constraint` type.
+          # `constraint_default` enforcement behavior of the specific `Constraint` at
+          # this resource.
+          #
+          # Suppose that `constraint_default` is set to `ALLOW` for the
+          # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+          # foo.com sets a `Policy` at their Organization resource node that restricts
+          # the allowed service activations to deny all service activations. They
+          # could then set a `Policy` with the `policy_type` `restore_default` on
+          # several experimental projects, restoring the `constraint_default`
+          # enforcement of the `Constraint` for only those projects, allowing those
+          # projects to have all services activated.
+      },
+      &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
+          # server, not specified by the caller, and represents the last time a call to
+          # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+          # be ignored.
+      &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
+      &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
+          # concurrency control.
+          #
+          # When the `Policy` is returned from either a `GetPolicy` or a
+          # `ListOrgPolicy` request, this `etag` indicates the version of the current
+          # `Policy` to use when executing a read-modify-write loop.
+          #
+          # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+          # `etag` will be unset.
+          #
+          # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+          # that was returned from a `GetOrgPolicy` request as part of a
+          # read-modify-write loop for concurrency control. Not setting the `etag`in a
+          # `SetOrgPolicy` request will result in an unconditional write of the
+          # `Policy`.
+      &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
+          # `constraints/serviceuser.services`.
+          #
+          # A [list of available
+          # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
+          # is available.
+          #
+          # Immutable after creation.
       &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
           # resource.
           #
@@ -2551,7 +2657,7 @@
           # values. If `all_values` is set to either `ALLOW` or `DENY`,
           # `allowed_values` and `denied_values` must be unset.
         &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
-        &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+        &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
             # is set to `ALL_VALUES_UNSPECIFIED`.
           &quot;A String&quot;,
         ],
@@ -2559,9 +2665,13 @@
             # that matches the value specified in this `Policy`. If `suggested_value`
             # is not set, it will inherit the value specified higher in the hierarchy,
             # unless `inherit_from_parent` is `false`.
+        &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+            # is set to `ALL_VALUES_UNSPECIFIED`.
+          &quot;A String&quot;,
+        ],
         &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
             #
-            # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+            # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
             # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
             # set to `true`, then the values from the effective `Policy` of the parent
             # resource are inherited, meaning the values set in this `Policy` are
@@ -2656,95 +2766,6 @@
             #   `projects/P3`.
             # The accepted values at `projects/bar` are `organizations/O1`,
             #   `folders/F1`, `projects/P1`.
-        &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
-            # is set to `ALL_VALUES_UNSPECIFIED`.
-          &quot;A String&quot;,
-        ],
-      },
-      &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
-          # concurrency control.
-          #
-          # When the `Policy` is returned from either a `GetPolicy` or a
-          # `ListOrgPolicy` request, this `etag` indicates the version of the current
-          # `Policy` to use when executing a read-modify-write loop.
-          #
-          # When the `Policy` is returned from a `GetEffectivePolicy` request, the
-          # `etag` will be unset.
-          #
-          # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
-          # that was returned from a `GetOrgPolicy` request as part of a
-          # read-modify-write loop for concurrency control. Not setting the `etag`in a
-          # `SetOrgPolicy` request will result in an unconditional write of the
-          # `Policy`.
-      &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
-          # resource.
-        &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
-            # configuration is acceptable.
-            #
-            # Suppose you have a `Constraint`
-            # `constraints/compute.disableSerialPortAccess` with `constraint_default`
-            # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
-            # behavior:
-            #   - If the `Policy` at this resource has enforced set to `false`, serial
-            #     port connection attempts will be allowed.
-            #   - If the `Policy` at this resource has enforced set to `true`, serial
-            #     port connection attempts will be refused.
-            #   - If the `Policy` at this resource is `RestoreDefault`, serial port
-            #     connection attempts will be allowed.
-            #   - If no `Policy` is set at this resource or anywhere higher in the
-            #     resource hierarchy, serial port connection attempts will be allowed.
-            #   - If no `Policy` is set at this resource, but one exists higher in the
-            #     resource hierarchy, the behavior is as if the`Policy` were set at
-            #     this resource.
-            #
-            # The following examples demonstrate the different possible layerings:
-            #
-            # Example 1 (nearest `Constraint` wins):
-            #   `organizations/foo` has a `Policy` with:
-            #     {enforced: false}
-            #   `projects/bar` has no `Policy` set.
-            # The constraint at `projects/bar` and `organizations/foo` will not be
-            # enforced.
-            #
-            # Example 2 (enforcement gets replaced):
-            #   `organizations/foo` has a `Policy` with:
-            #     {enforced: false}
-            #   `projects/bar` has a `Policy` with:
-            #     {enforced: true}
-            # The constraint at `organizations/foo` is not enforced.
-            # The constraint at `projects/bar` is enforced.
-            #
-            # Example 3 (RestoreDefault):
-            #   `organizations/foo` has a `Policy` with:
-            #     {enforced: true}
-            #   `projects/bar` has a `Policy` with:
-            #     {RestoreDefault: {}}
-            # The constraint at `organizations/foo` is enforced.
-            # The constraint at `projects/bar` is not enforced, because
-            # `constraint_default` for the `Constraint` is `ALLOW`.
-      },
-      &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
-          # `constraints/serviceuser.services`.
-          #
-          # Immutable after creation.
-      &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
-          # server, not specified by the caller, and represents the last time a call to
-          # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
-          # be ignored.
-      &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
-      &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
-          # `Constraint` type.
-          # `constraint_default` enforcement behavior of the specific `Constraint` at
-          # this resource.
-          #
-          # Suppose that `constraint_default` is set to `ALLOW` for the
-          # `Constraint` `constraints/serviceuser.services`. Suppose that organization
-          # foo.com sets a `Policy` at their Organization resource node that restricts
-          # the allowed service activations to deny all service activations. They
-          # could then set a `Policy` with the `policy_type` `restore_default` on
-          # several experimental projects, restoring the `constraint_default`
-          # enforcement of the `Constraint` for only those projects, allowing those
-          # projects to have all services activated.
       },
     },
   }
@@ -2759,6 +2780,95 @@
 
     { # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
       # for configurations of Cloud Platform resources.
+    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
+        # resource.
+      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
+          # configuration is acceptable.
+          #
+          # Suppose you have a `Constraint`
+          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
+          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
+          # behavior:
+          #   - If the `Policy` at this resource has enforced set to `false`, serial
+          #     port connection attempts will be allowed.
+          #   - If the `Policy` at this resource has enforced set to `true`, serial
+          #     port connection attempts will be refused.
+          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
+          #     connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource or anywhere higher in the
+          #     resource hierarchy, serial port connection attempts will be allowed.
+          #   - If no `Policy` is set at this resource, but one exists higher in the
+          #     resource hierarchy, the behavior is as if the`Policy` were set at
+          #     this resource.
+          #
+          # The following examples demonstrate the different possible layerings:
+          #
+          # Example 1 (nearest `Constraint` wins):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has no `Policy` set.
+          # The constraint at `projects/bar` and `organizations/foo` will not be
+          # enforced.
+          #
+          # Example 2 (enforcement gets replaced):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: false}
+          #   `projects/bar` has a `Policy` with:
+          #     {enforced: true}
+          # The constraint at `organizations/foo` is not enforced.
+          # The constraint at `projects/bar` is enforced.
+          #
+          # Example 3 (RestoreDefault):
+          #   `organizations/foo` has a `Policy` with:
+          #     {enforced: true}
+          #   `projects/bar` has a `Policy` with:
+          #     {RestoreDefault: {}}
+          # The constraint at `organizations/foo` is enforced.
+          # The constraint at `projects/bar` is not enforced, because
+          # `constraint_default` for the `Constraint` is `ALLOW`.
+    },
+    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
+        # `Constraint` type.
+        # `constraint_default` enforcement behavior of the specific `Constraint` at
+        # this resource.
+        #
+        # Suppose that `constraint_default` is set to `ALLOW` for the
+        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
+        # foo.com sets a `Policy` at their Organization resource node that restricts
+        # the allowed service activations to deny all service activations. They
+        # could then set a `Policy` with the `policy_type` `restore_default` on
+        # several experimental projects, restoring the `constraint_default`
+        # enforcement of the `Constraint` for only those projects, allowing those
+        # projects to have all services activated.
+    },
+    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
+        # server, not specified by the caller, and represents the last time a call to
+        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
+        # be ignored.
+    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
+    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
+        # concurrency control.
+        #
+        # When the `Policy` is returned from either a `GetPolicy` or a
+        # `ListOrgPolicy` request, this `etag` indicates the version of the current
+        # `Policy` to use when executing a read-modify-write loop.
+        #
+        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
+        # `etag` will be unset.
+        #
+        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
+        # that was returned from a `GetOrgPolicy` request as part of a
+        # read-modify-write loop for concurrency control. Not setting the `etag`in a
+        # `SetOrgPolicy` request will result in an unconditional write of the
+        # `Policy`.
+    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
+        # `constraints/serviceuser.services`.
+        #
+        # A [list of available
+        # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
+        # is available.
+        #
+        # Immutable after creation.
     &quot;listPolicy&quot;: { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed.
         # resource.
         #
@@ -2781,7 +2891,7 @@
         # values. If `all_values` is set to either `ALLOW` or `DENY`,
         # `allowed_values` and `denied_values` must be unset.
       &quot;allValues&quot;: &quot;A String&quot;, # The policy all_values state.
-      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
           # is set to `ALL_VALUES_UNSPECIFIED`.
         &quot;A String&quot;,
       ],
@@ -2789,9 +2899,13 @@
           # that matches the value specified in this `Policy`. If `suggested_value`
           # is not set, it will inherit the value specified higher in the hierarchy,
           # unless `inherit_from_parent` is `false`.
+      &quot;allowedValues&quot;: [ # List of values allowed  at this resource. Can only be set if `all_values`
+          # is set to `ALL_VALUES_UNSPECIFIED`.
+        &quot;A String&quot;,
+      ],
       &quot;inheritFromParent&quot;: True or False, # Determines the inheritance behavior for this `Policy`.
           #
-          # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
+          # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
           # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
           # set to `true`, then the values from the effective `Policy` of the parent
           # resource are inherited, meaning the values set in this `Policy` are
@@ -2886,95 +3000,6 @@
           #   `projects/P3`.
           # The accepted values at `projects/bar` are `organizations/O1`,
           #   `folders/F1`, `projects/P1`.
-      &quot;deniedValues&quot;: [ # List of values denied at this resource. Can only be set if `all_values`
-          # is set to `ALL_VALUES_UNSPECIFIED`.
-        &quot;A String&quot;,
-      ],
-    },
-    &quot;etag&quot;: &quot;A String&quot;, # An opaque tag indicating the current version of the `Policy`, used for
-        # concurrency control.
-        #
-        # When the `Policy` is returned from either a `GetPolicy` or a
-        # `ListOrgPolicy` request, this `etag` indicates the version of the current
-        # `Policy` to use when executing a read-modify-write loop.
-        #
-        # When the `Policy` is returned from a `GetEffectivePolicy` request, the
-        # `etag` will be unset.
-        #
-        # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
-        # that was returned from a `GetOrgPolicy` request as part of a
-        # read-modify-write loop for concurrency control. Not setting the `etag`in a
-        # `SetOrgPolicy` request will result in an unconditional write of the
-        # `Policy`.
-    &quot;booleanPolicy&quot;: { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not.
-        # resource.
-      &quot;enforced&quot;: True or False, # If `true`, then the `Policy` is enforced. If `false`, then any
-          # configuration is acceptable.
-          #
-          # Suppose you have a `Constraint`
-          # `constraints/compute.disableSerialPortAccess` with `constraint_default`
-          # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
-          # behavior:
-          #   - If the `Policy` at this resource has enforced set to `false`, serial
-          #     port connection attempts will be allowed.
-          #   - If the `Policy` at this resource has enforced set to `true`, serial
-          #     port connection attempts will be refused.
-          #   - If the `Policy` at this resource is `RestoreDefault`, serial port
-          #     connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource or anywhere higher in the
-          #     resource hierarchy, serial port connection attempts will be allowed.
-          #   - If no `Policy` is set at this resource, but one exists higher in the
-          #     resource hierarchy, the behavior is as if the`Policy` were set at
-          #     this resource.
-          #
-          # The following examples demonstrate the different possible layerings:
-          #
-          # Example 1 (nearest `Constraint` wins):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has no `Policy` set.
-          # The constraint at `projects/bar` and `organizations/foo` will not be
-          # enforced.
-          #
-          # Example 2 (enforcement gets replaced):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: false}
-          #   `projects/bar` has a `Policy` with:
-          #     {enforced: true}
-          # The constraint at `organizations/foo` is not enforced.
-          # The constraint at `projects/bar` is enforced.
-          #
-          # Example 3 (RestoreDefault):
-          #   `organizations/foo` has a `Policy` with:
-          #     {enforced: true}
-          #   `projects/bar` has a `Policy` with:
-          #     {RestoreDefault: {}}
-          # The constraint at `organizations/foo` is enforced.
-          # The constraint at `projects/bar` is not enforced, because
-          # `constraint_default` for the `Constraint` is `ALLOW`.
-    },
-    &quot;constraint&quot;: &quot;A String&quot;, # The name of the `Constraint` the `Policy` is configuring, for example,
-        # `constraints/serviceuser.services`.
-        #
-        # Immutable after creation.
-    &quot;updateTime&quot;: &quot;A String&quot;, # The time stamp the `Policy` was previously updated. This is set by the
-        # server, not specified by the caller, and represents the last time a call to
-        # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
-        # be ignored.
-    &quot;version&quot;: 42, # Version of the `Policy`. Default version is 0;
-    &quot;restoreDefault&quot;: { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of
-        # `Constraint` type.
-        # `constraint_default` enforcement behavior of the specific `Constraint` at
-        # this resource.
-        #
-        # Suppose that `constraint_default` is set to `ALLOW` for the
-        # `Constraint` `constraints/serviceuser.services`. Suppose that organization
-        # foo.com sets a `Policy` at their Organization resource node that restricts
-        # the allowed service activations to deny all service activations. They
-        # could then set a `Policy` with the `policy_type` `restore_default` on
-        # several experimental projects, restoring the `constraint_default`
-        # enforcement of the `Constraint` for only those projects, allowing those
-        # projects to have all services activated.
     },
   }</pre>
 </div>
@@ -2983,6 +3008,9 @@
     <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code>
   <pre>Returns permissions that a caller has on the specified Project.
 
+For additional information about `resource` (e.g. my-project-id) structure
+and identification, see [Resource Names](/apis/design/resource_names).
+
 There are no permissions required for making this API call.
 
 Args:
@@ -3074,13 +3102,10 @@
 { # A Project is a high-level Google Cloud Platform entity.  It is a
       # container for ACLs, APIs, App Engine Apps, VMs, and other
       # Google Cloud Platform resources.
-    &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
-        # When present it must be between 4 to 30 characters.
-        # Allowed characters are: lowercase and uppercase letters, numbers,
-        # hyphen, single-quote, double-quote, space, and exclamation point.
+    &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
         # 
-        # Example: &lt;code&gt;My Project&lt;/code&gt;
-        # Read-write.
+        # Example: &lt;code&gt;415104041262&lt;/code&gt;
+        # Read-only.
     &quot;projectId&quot;: &quot;A String&quot;, # The unique, user-assigned ID of the Project.
         # It must be 6 to 30 lowercase letters, digits, or hyphens.
         # It must start with a letter.
@@ -3088,13 +3113,36 @@
         # 
         # Example: &lt;code&gt;tokyo-rain-123&lt;/code&gt;
         # Read-only after creation.
+    &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
+        # 
+        # Read-only.
+    &quot;labels&quot;: { # The labels associated with this Project.
+        # 
+        # Label keys must be between 1 and 63 characters long and must conform
+        # to the following regular expression: a-z{0,62}.
+        # 
+        # Label values must be between 0 and 63 characters long and must conform
+        # to the regular expression [a-z0-9_-]{0,63}. A label value can be empty.
+        # 
+        # No more than 256 labels can be associated with a given resource.
+        # 
+        # Clients should store labels in a representation such as JSON that does not
+        # depend on specific characters being disallowed.
+        # 
+        # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
+        # Read-write.
+      &quot;a_key&quot;: &quot;A String&quot;,
+    },
     &quot;lifecycleState&quot;: &quot;A String&quot;, # The Project lifecycle state.
         # 
         # Read-only.
-    &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
+    &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
+        # When present it must be between 4 to 30 characters.
+        # Allowed characters are: lowercase and uppercase letters, numbers,
+        # hyphen, single-quote, double-quote, space, and exclamation point.
         # 
-        # Example: &lt;code&gt;415104041262&lt;/code&gt;
-        # Read-only.
+        # Example: &lt;code&gt;My Project&lt;/code&gt;
+        # Read-write.
     &quot;parent&quot;: { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
         # 
         # Supported parent types include &quot;organization&quot; and &quot;folder&quot;. Once set, the
@@ -3111,27 +3159,6 @@
       &quot;id&quot;: &quot;A String&quot;, # Required field for the type-specific id. This should correspond to the id
           # used in the type-specific API&#x27;s.
     },
-    &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
-        # 
-        # Read-only.
-    &quot;labels&quot;: { # The labels associated with this Project.
-        # 
-        # Label keys must be between 1 and 63 characters long and must conform
-        # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
-        # 
-        # Label values must be between 0 and 63 characters long and must conform
-        # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label
-        # value can be empty.
-        # 
-        # No more than 256 labels can be associated with a given resource.
-        # 
-        # Clients should store labels in a representation such as JSON that does not
-        # depend on specific characters being disallowed.
-        # 
-        # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
-        # Read-write.
-      &quot;a_key&quot;: &quot;A String&quot;,
-    },
   }
 
   x__xgafv: string, V1 error format.
@@ -3145,13 +3172,10 @@
     { # A Project is a high-level Google Cloud Platform entity.  It is a
         # container for ACLs, APIs, App Engine Apps, VMs, and other
         # Google Cloud Platform resources.
-      &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
-          # When present it must be between 4 to 30 characters.
-          # Allowed characters are: lowercase and uppercase letters, numbers,
-          # hyphen, single-quote, double-quote, space, and exclamation point.
+      &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
           #
-          # Example: &lt;code&gt;My Project&lt;/code&gt;
-          # Read-write.
+          # Example: &lt;code&gt;415104041262&lt;/code&gt;
+          # Read-only.
       &quot;projectId&quot;: &quot;A String&quot;, # The unique, user-assigned ID of the Project.
           # It must be 6 to 30 lowercase letters, digits, or hyphens.
           # It must start with a letter.
@@ -3159,13 +3183,36 @@
           #
           # Example: &lt;code&gt;tokyo-rain-123&lt;/code&gt;
           # Read-only after creation.
+      &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
+          #
+          # Read-only.
+      &quot;labels&quot;: { # The labels associated with this Project.
+          #
+          # Label keys must be between 1 and 63 characters long and must conform
+          # to the following regular expression: a-z{0,62}.
+          #
+          # Label values must be between 0 and 63 characters long and must conform
+          # to the regular expression [a-z0-9_-]{0,63}. A label value can be empty.
+          #
+          # No more than 256 labels can be associated with a given resource.
+          #
+          # Clients should store labels in a representation such as JSON that does not
+          # depend on specific characters being disallowed.
+          #
+          # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
+          # Read-write.
+        &quot;a_key&quot;: &quot;A String&quot;,
+      },
       &quot;lifecycleState&quot;: &quot;A String&quot;, # The Project lifecycle state.
           #
           # Read-only.
-      &quot;projectNumber&quot;: &quot;A String&quot;, # The number uniquely identifying the project.
+      &quot;name&quot;: &quot;A String&quot;, # The optional user-assigned display name of the Project.
+          # When present it must be between 4 to 30 characters.
+          # Allowed characters are: lowercase and uppercase letters, numbers,
+          # hyphen, single-quote, double-quote, space, and exclamation point.
           #
-          # Example: &lt;code&gt;415104041262&lt;/code&gt;
-          # Read-only.
+          # Example: &lt;code&gt;My Project&lt;/code&gt;
+          # Read-write.
       &quot;parent&quot;: { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource.
           #
           # Supported parent types include &quot;organization&quot; and &quot;folder&quot;. Once set, the
@@ -3182,27 +3229,6 @@
         &quot;id&quot;: &quot;A String&quot;, # Required field for the type-specific id. This should correspond to the id
             # used in the type-specific API&#x27;s.
       },
-      &quot;createTime&quot;: &quot;A String&quot;, # Creation time.
-          #
-          # Read-only.
-      &quot;labels&quot;: { # The labels associated with this Project.
-          #
-          # Label keys must be between 1 and 63 characters long and must conform
-          # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?.
-          #
-          # Label values must be between 0 and 63 characters long and must conform
-          # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. A label
-          # value can be empty.
-          #
-          # No more than 256 labels can be associated with a given resource.
-          #
-          # Clients should store labels in a representation such as JSON that does not
-          # depend on specific characters being disallowed.
-          #
-          # Example: &lt;code&gt;&quot;environment&quot; : &quot;dev&quot;&lt;/code&gt;
-          # Read-write.
-        &quot;a_key&quot;: &quot;A String&quot;,
-      },
     }</pre>
 </div>