*
* @param jsonFactory JSON factory, which may be:
*
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/README.md b/clients/google-api-services-policytroubleshooter/v3/2.0.0/README.md
new file mode 100644
index 00000000000..8410cee9bdf
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/README.md
@@ -0,0 +1,44 @@
+# Policy Troubleshooter API Client Library for Java
+
+
+
+This page contains information about getting started with the Policy Troubleshooter API
+using the Google API Client Library for Java. In addition, you may be interested
+in the following documentation:
+
+* Browse the [Javadoc reference for the Policy Troubleshooter API][javadoc]
+* Read the [Developer's Guide for the Google API Client Library for Java][google-api-client].
+* Interact with this API in your browser using the [APIs Explorer for the Policy Troubleshooter API][api-explorer]
+
+## Installation
+
+### Maven
+
+Add the following lines to your `pom.xml` file:
+
+```xml
+
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3-rev20260111-2.0.0
+
+
+
+```
+
+### Gradle
+
+```gradle
+repositories {
+ mavenCentral()
+}
+dependencies {
+ implementation 'com.google.apis:google-api-services-policytroubleshooter:v3-rev20260111-2.0.0'
+}
+```
+
+[javadoc]: https://googleapis.dev/java/google-api-services-policytroubleshooter/latest/index.html
+[google-api-client]: https://github.com/googleapis/google-api-java-client/
+[api-explorer]: https://developers.google.com/apis-explorer/#p/policytroubleshooter/v1/
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooter.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooter.java
new file mode 100644
index 00000000000..1f888a3e09c
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooter.java
@@ -0,0 +1,384 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3;
+
+/**
+ * Service definition for PolicyTroubleshooter (v3).
+ *
+ *
+ *
+ *
+ *
+ *
+ * For more information about this service, see the
+ * API Documentation
+ *
+ *
+ *
+ * This service uses {@link PolicyTroubleshooterRequestInitializer} to initialize global parameters via its
+ * {@link Builder}.
+ *
+ *
+ * @since 1.3
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public class PolicyTroubleshooter extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient {
+
+ // Note: Leave this static initializer at the top of the file.
+ static {
+ com.google.api.client.util.Preconditions.checkState(
+ (com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION == 1 &&
+ (com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION >= 32 ||
+ (com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION == 31 &&
+ com.google.api.client.googleapis.GoogleUtils.BUGFIX_VERSION >= 1))) ||
+ com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION >= 2,
+ "You are currently running with version %s of google-api-client. " +
+ "You need at least version 1.31.1 of google-api-client to run version " +
+ "2.0.0 of the Policy Troubleshooter API library.", com.google.api.client.googleapis.GoogleUtils.VERSION);
+ }
+
+ /**
+ * The default encoded root URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ *
+ * @since 1.7
+ */
+ public static final String DEFAULT_ROOT_URL = "https://policytroubleshooter.googleapis.com/";
+
+ /**
+ * The default encoded mTLS root URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ *
+ * @since 1.31
+ */
+ public static final String DEFAULT_MTLS_ROOT_URL = "https://policytroubleshooter.mtls.googleapis.com/";
+
+ /**
+ * The default encoded service path of the service. This is determined when the library is
+ * generated and normally should not be changed.
+ *
+ * @since 1.7
+ */
+ public static final String DEFAULT_SERVICE_PATH = "";
+
+ /**
+ * The default encoded batch path of the service. This is determined when the library is
+ * generated and normally should not be changed.
+ *
+ * @since 1.23
+ */
+ public static final String DEFAULT_BATCH_PATH = "batch";
+
+ /**
+ * The default encoded base URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ */
+ public static final String DEFAULT_BASE_URL = DEFAULT_ROOT_URL + DEFAULT_SERVICE_PATH;
+
+ /**
+ * Constructor.
+ *
+ *
+ * Use {@link Builder} if you need to specify any of the optional parameters.
+ *
+ *
+ * @param transport HTTP transport, which should normally be:
+ *
+ *
Google App Engine:
+ * {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}
+ *
Android: {@code newCompatibleTransport} from
+ * {@code com.google.api.client.extensions.android.http.AndroidHttp}
+ *
+ * @return the resource collection
+ */
+ public Iam iam() {
+ return new Iam();
+ }
+
+ /**
+ * The "iam" collection of methods.
+ */
+ public class Iam {
+
+ /**
+ * Checks whether a principal has a specific permission for a specific resource, and explains why
+ * the principal does or doesn't have that permission.
+ *
+ * Create a request for the method "iam.troubleshoot".
+ *
+ * This request holds the parameters needed by the policytroubleshooter server. After setting any
+ * optional parameters, call the {@link Troubleshoot#execute()} method to invoke the remote
+ * operation.
+ *
+ * @param content the {@link com.google.api.services.policytroubleshooter.v3.model.GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest}
+ * @return the request
+ */
+ public Troubleshoot troubleshoot(com.google.api.services.policytroubleshooter.v3.model.GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest content) throws java.io.IOException {
+ Troubleshoot result = new Troubleshoot(content);
+ initialize(result);
+ return result;
+ }
+
+ public class Troubleshoot extends PolicyTroubleshooterRequest {
+
+ private static final String REST_PATH = "v3/iam:troubleshoot";
+
+ /**
+ * Checks whether a principal has a specific permission for a specific resource, and explains why
+ * the principal does or doesn't have that permission.
+ *
+ * Create a request for the method "iam.troubleshoot".
+ *
+ * This request holds the parameters needed by the the policytroubleshooter server. After setting
+ * any optional parameters, call the {@link Troubleshoot#execute()} method to invoke the remote
+ * operation.
{@link
+ * Troubleshoot#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)}
+ * must be called to initialize this instance immediately after invoking the constructor.
+ *
+ * @since 1.3.0
+ */
+ public static final class Builder extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient.Builder {
+
+ private static String chooseEndpoint(com.google.api.client.http.HttpTransport transport) {
+ // If the GOOGLE_API_USE_MTLS_ENDPOINT environment variable value is "always", use mTLS endpoint.
+ // If the env variable is "auto", use mTLS endpoint if and only if the transport is mTLS.
+ // Use the regular endpoint for all other cases.
+ String useMtlsEndpoint = System.getenv("GOOGLE_API_USE_MTLS_ENDPOINT");
+ useMtlsEndpoint = useMtlsEndpoint == null ? "auto" : useMtlsEndpoint;
+ if ("always".equals(useMtlsEndpoint) || ("auto".equals(useMtlsEndpoint) && transport != null && transport.isMtls())) {
+ return DEFAULT_MTLS_ROOT_URL;
+ }
+ return DEFAULT_ROOT_URL;
+ }
+
+ /**
+ * Returns an instance of a new builder.
+ *
+ * @param transport HTTP transport, which should normally be:
+ *
+ *
Google App Engine:
+ * {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}
+ *
Android: {@code newCompatibleTransport} from
+ * {@code com.google.api.client.extensions.android.http.AndroidHttp}
Google GSON: {@code com.google.api.client.json.gson.GsonFactory}
+ *
Android Honeycomb or higher:
+ * {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}
+ *
+ * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+ * @since 1.7
+ */
+ public Builder(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+ com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+ super(
+ transport,
+ jsonFactory,
+ Builder.chooseEndpoint(transport),
+ DEFAULT_SERVICE_PATH,
+ httpRequestInitializer,
+ false);
+ setBatchPath(DEFAULT_BATCH_PATH);
+ }
+
+ /** Builds a new instance of {@link PolicyTroubleshooter}. */
+ @Override
+ public PolicyTroubleshooter build() {
+ return new PolicyTroubleshooter(this);
+ }
+
+ @Override
+ public Builder setRootUrl(String rootUrl) {
+ return (Builder) super.setRootUrl(rootUrl);
+ }
+
+ @Override
+ public Builder setServicePath(String servicePath) {
+ return (Builder) super.setServicePath(servicePath);
+ }
+
+ @Override
+ public Builder setBatchPath(String batchPath) {
+ return (Builder) super.setBatchPath(batchPath);
+ }
+
+ @Override
+ public Builder setHttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+ return (Builder) super.setHttpRequestInitializer(httpRequestInitializer);
+ }
+
+ @Override
+ public Builder setApplicationName(String applicationName) {
+ return (Builder) super.setApplicationName(applicationName);
+ }
+
+ @Override
+ public Builder setSuppressPatternChecks(boolean suppressPatternChecks) {
+ return (Builder) super.setSuppressPatternChecks(suppressPatternChecks);
+ }
+
+ @Override
+ public Builder setSuppressRequiredParameterChecks(boolean suppressRequiredParameterChecks) {
+ return (Builder) super.setSuppressRequiredParameterChecks(suppressRequiredParameterChecks);
+ }
+
+ @Override
+ public Builder setSuppressAllChecks(boolean suppressAllChecks) {
+ return (Builder) super.setSuppressAllChecks(suppressAllChecks);
+ }
+
+ /**
+ * Set the {@link PolicyTroubleshooterRequestInitializer}.
+ *
+ * @since 1.12
+ */
+ public Builder setPolicyTroubleshooterRequestInitializer(
+ PolicyTroubleshooterRequestInitializer policytroubleshooterRequestInitializer) {
+ return (Builder) super.setGoogleClientRequestInitializer(policytroubleshooterRequestInitializer);
+ }
+
+ @Override
+ public Builder setGoogleClientRequestInitializer(
+ com.google.api.client.googleapis.services.GoogleClientRequestInitializer googleClientRequestInitializer) {
+ return (Builder) super.setGoogleClientRequestInitializer(googleClientRequestInitializer);
+ }
+
+ @Override
+ public Builder setUniverseDomain(String universeDomain) {
+ return (Builder) super.setUniverseDomain(universeDomain);
+ }
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequest.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequest.java
new file mode 100644
index 00000000000..3c7bb99b4a1
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3;
+
+/**
+ * PolicyTroubleshooter request.
+ *
+ * @since 1.3
+ */
+@SuppressWarnings("javadoc")
+public abstract class PolicyTroubleshooterRequest extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest {
+
+ /**
+ * @param client Google client
+ * @param method HTTP Method
+ * @param uriTemplate URI template for the path relative to the base URL. If it starts with a "/"
+ * the base path from the base URL will be stripped out. The URI template can also be a
+ * full URL. URI template expansion is done using
+ * {@link com.google.api.client.http.UriTemplate#expand(String, String, Object, boolean)}
+ * @param content A POJO that can be serialized into JSON or {@code null} for none
+ * @param responseClass response class to parse into
+ */
+ public PolicyTroubleshooterRequest(
+ PolicyTroubleshooter client, String method, String uriTemplate, Object content, Class responseClass) {
+ super(
+ client,
+ method,
+ uriTemplate,
+ content,
+ responseClass);
+ }
+
+ /** V1 error format. */
+ @com.google.api.client.util.Key("$.xgafv")
+ private java.lang.String $Xgafv;
+
+ /**
+ * V1 error format.
+ */
+ public java.lang.String get$Xgafv() {
+ return $Xgafv;
+ }
+
+ /** V1 error format. */
+ public PolicyTroubleshooterRequest set$Xgafv(java.lang.String $Xgafv) {
+ this.$Xgafv = $Xgafv;
+ return this;
+ }
+
+ /** OAuth access token. */
+ @com.google.api.client.util.Key("access_token")
+ private java.lang.String accessToken;
+
+ /**
+ * OAuth access token.
+ */
+ public java.lang.String getAccessToken() {
+ return accessToken;
+ }
+
+ /** OAuth access token. */
+ public PolicyTroubleshooterRequest setAccessToken(java.lang.String accessToken) {
+ this.accessToken = accessToken;
+ return this;
+ }
+
+ /** Data format for response. */
+ @com.google.api.client.util.Key
+ private java.lang.String alt;
+
+ /**
+ * Data format for response. [default: json]
+ */
+ public java.lang.String getAlt() {
+ return alt;
+ }
+
+ /** Data format for response. */
+ public PolicyTroubleshooterRequest setAlt(java.lang.String alt) {
+ this.alt = alt;
+ return this;
+ }
+
+ /** JSONP */
+ @com.google.api.client.util.Key
+ private java.lang.String callback;
+
+ /**
+ * JSONP
+ */
+ public java.lang.String getCallback() {
+ return callback;
+ }
+
+ /** JSONP */
+ public PolicyTroubleshooterRequest setCallback(java.lang.String callback) {
+ this.callback = callback;
+ return this;
+ }
+
+ /** Selector specifying which fields to include in a partial response. */
+ @com.google.api.client.util.Key
+ private java.lang.String fields;
+
+ /**
+ * Selector specifying which fields to include in a partial response.
+ */
+ public java.lang.String getFields() {
+ return fields;
+ }
+
+ /** Selector specifying which fields to include in a partial response. */
+ public PolicyTroubleshooterRequest setFields(java.lang.String fields) {
+ this.fields = fields;
+ return this;
+ }
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String key;
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ public java.lang.String getKey() {
+ return key;
+ }
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ public PolicyTroubleshooterRequest setKey(java.lang.String key) {
+ this.key = key;
+ return this;
+ }
+
+ /** OAuth 2.0 token for the current user. */
+ @com.google.api.client.util.Key("oauth_token")
+ private java.lang.String oauthToken;
+
+ /**
+ * OAuth 2.0 token for the current user.
+ */
+ public java.lang.String getOauthToken() {
+ return oauthToken;
+ }
+
+ /** OAuth 2.0 token for the current user. */
+ public PolicyTroubleshooterRequest setOauthToken(java.lang.String oauthToken) {
+ this.oauthToken = oauthToken;
+ return this;
+ }
+
+ /** Returns response with indentations and line breaks. */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean prettyPrint;
+
+ /**
+ * Returns response with indentations and line breaks. [default: true]
+ */
+ public java.lang.Boolean getPrettyPrint() {
+ return prettyPrint;
+ }
+
+ /** Returns response with indentations and line breaks. */
+ public PolicyTroubleshooterRequest setPrettyPrint(java.lang.Boolean prettyPrint) {
+ this.prettyPrint = prettyPrint;
+ return this;
+ }
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String quotaUser;
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ public java.lang.String getQuotaUser() {
+ return quotaUser;
+ }
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ public PolicyTroubleshooterRequest setQuotaUser(java.lang.String quotaUser) {
+ this.quotaUser = quotaUser;
+ return this;
+ }
+
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+ @com.google.api.client.util.Key
+ private java.lang.String uploadType;
+
+ /**
+ * Legacy upload protocol for media (e.g. "media", "multipart").
+ */
+ public java.lang.String getUploadType() {
+ return uploadType;
+ }
+
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+ public PolicyTroubleshooterRequest setUploadType(java.lang.String uploadType) {
+ this.uploadType = uploadType;
+ return this;
+ }
+
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
+ @com.google.api.client.util.Key("upload_protocol")
+ private java.lang.String uploadProtocol;
+
+ /**
+ * Upload protocol for media (e.g. "raw", "multipart").
+ */
+ public java.lang.String getUploadProtocol() {
+ return uploadProtocol;
+ }
+
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
+ public PolicyTroubleshooterRequest setUploadProtocol(java.lang.String uploadProtocol) {
+ this.uploadProtocol = uploadProtocol;
+ return this;
+ }
+
+ @Override
+ public final PolicyTroubleshooter getAbstractGoogleClient() {
+ return (PolicyTroubleshooter) super.getAbstractGoogleClient();
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest setDisableGZipContent(boolean disableGZipContent) {
+ return (PolicyTroubleshooterRequest) super.setDisableGZipContent(disableGZipContent);
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest setRequestHeaders(com.google.api.client.http.HttpHeaders headers) {
+ return (PolicyTroubleshooterRequest) super.setRequestHeaders(headers);
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest set(String parameterName, Object value) {
+ return (PolicyTroubleshooterRequest) super.set(parameterName, value);
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequestInitializer.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequestInitializer.java
new file mode 100644
index 00000000000..daeff9ec615
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterRequestInitializer.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3;
+
+/**
+ * PolicyTroubleshooter request initializer for setting properties like key and userIp.
+ *
+ *
+ * The simplest usage is to use it to set the key parameter:
+ *
+ *
+ *
+ public static final GoogleClientRequestInitializer KEY_INITIALIZER =
+ new PolicyTroubleshooterRequestInitializer(KEY);
+ *
+ *
+ *
+ * There is also a constructor to set both the key and userIp parameters:
+ *
+ *
+ *
+ public static final GoogleClientRequestInitializer INITIALIZER =
+ new PolicyTroubleshooterRequestInitializer(KEY, USER_IP);
+ *
+ *
+ *
+ * If you want to implement custom logic, extend it like this:
+ *
+ *
+ * @since 1.12
+ */
+public class PolicyTroubleshooterRequestInitializer extends com.google.api.client.googleapis.services.json.CommonGoogleJsonClientRequestInitializer {
+
+ public PolicyTroubleshooterRequestInitializer() {
+ super();
+ }
+
+ /**
+ * @param key API key or {@code null} to leave it unchanged
+ */
+ public PolicyTroubleshooterRequestInitializer(String key) {
+ super(key);
+ }
+
+ /**
+ * @param key API key or {@code null} to leave it unchanged
+ * @param userIp user IP or {@code null} to leave it unchanged
+ */
+ public PolicyTroubleshooterRequestInitializer(String key, String userIp) {
+ super(key, userIp);
+ }
+
+ @Override
+ public final void initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest request) throws java.io.IOException {
+ super.initializeJsonRequest(request);
+ initializePolicyTroubleshooterRequest((PolicyTroubleshooterRequest) request);
+ }
+
+ /**
+ * Initializes PolicyTroubleshooter request.
+ *
+ *
+ * Default implementation does nothing. Called from
+ * {@link #initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest)}.
+ *
+ *
+ * @throws java.io.IOException I/O exception
+ */
+ protected void initializePolicyTroubleshooterRequest(PolicyTroubleshooterRequest request) throws java.io.IOException {
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterScopes.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterScopes.java
new file mode 100644
index 00000000000..53f0f1fb66d
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/PolicyTroubleshooterScopes.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3;
+
+/**
+ * Available OAuth 2.0 scopes for use with the Policy Troubleshooter API.
+ *
+ * @since 1.4
+ */
+public class PolicyTroubleshooterScopes {
+
+ /** See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.. */
+ public static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
+ /**
+ * Returns an unmodifiable set that contains all scopes declared by this class.
+ *
+ * @since 1.16
+ */
+ public static java.util.Set all() {
+ java.util.Set set = new java.util.HashSet();
+ set.add(CLOUD_PLATFORM);
+ return java.util.Collections.unmodifiableSet(set);
+ }
+
+ private PolicyTroubleshooterScopes() {
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AccessTuple.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AccessTuple.java
new file mode 100644
index 00000000000..eb55c35a07d
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AccessTuple.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Information about the principal, resource, and permission to check.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3AccessTuple extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionContext conditionContext;
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permission;
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permissionFqdn;
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String principal;
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext getConditionContext() {
+ return conditionContext;
+ }
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * @param conditionContext conditionContext or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple setConditionContext(GoogleCloudPolicytroubleshooterIamV3ConditionContext conditionContext) {
+ this.conditionContext = conditionContext;
+ return this;
+ }
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermission() {
+ return permission;
+ }
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @param permission permission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple setPermission(java.lang.String permission) {
+ this.permission = permission;
+ return this;
+ }
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermissionFqdn() {
+ return permissionFqdn;
+ }
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * @param permissionFqdn permissionFqdn or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple setPermissionFqdn(java.lang.String permissionFqdn) {
+ this.permissionFqdn = permissionFqdn;
+ return this;
+ }
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPrincipal() {
+ return principal;
+ }
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * @param principal principal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple setPrincipal(java.lang.String principal) {
+ this.principal = principal;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3AccessTuple) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3AccessTuple) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation.java
new file mode 100644
index 00000000000..5cd06fb3551
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation.java
@@ -0,0 +1,314 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how a role binding in an allow policy affects a principal's ability to use a
+ * permission.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership combinedMembership;
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Condition evaluation state for this role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionExplanation conditionExplanation;
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map memberships;
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String role;
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String rolePermission;
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String rolePermissionRelevance;
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership getCombinedMembership() {
+ return combinedMembership;
+ }
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * @param combinedMembership combinedMembership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setCombinedMembership(GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership combinedMembership) {
+ this.combinedMembership = combinedMembership;
+ return this;
+ }
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation getConditionExplanation() {
+ return conditionExplanation;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @param conditionExplanation conditionExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setConditionExplanation(GoogleCloudPolicytroubleshooterIamV3ConditionExplanation conditionExplanation) {
+ this.conditionExplanation = conditionExplanation;
+ return this;
+ }
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getMemberships() {
+ return memberships;
+ }
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * @param memberships memberships or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setMemberships(java.util.Map memberships) {
+ this.memberships = memberships;
+ return this;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRole() {
+ return role;
+ }
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @param role role or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setRole(java.lang.String role) {
+ this.role = role;
+ return this;
+ }
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRolePermission() {
+ return rolePermission;
+ }
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * @param rolePermission rolePermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setRolePermission(java.lang.String rolePermission) {
+ this.rolePermission = rolePermission;
+ return this;
+ }
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRolePermissionRelevance() {
+ return rolePermissionRelevance;
+ }
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * @param rolePermissionRelevance rolePermissionRelevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation setRolePermissionRelevance(java.lang.String rolePermissionRelevance) {
+ this.rolePermissionRelevance = rolePermissionRelevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership.java
new file mode 100644
index 00000000000..5802e31ac53
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about whether the role binding includes the principal.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String membership;
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMembership() {
+ return membership;
+ }
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * @param membership membership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership setMembership(java.lang.String membership) {
+ this.membership = membership;
+ return this;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanationAnnotatedAllowMembership) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation.java
new file mode 100644
index 00000000000..a573add4e94
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how the relevant IAM allow policies affect the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedPolicies;
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedPolicies() {
+ return explainedPolicies;
+ }
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @param explainedPolicies explainedPolicies or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation setExplainedPolicies(java.util.List explainedPolicies) {
+ this.explainedPolicies = explainedPolicies;
+ return this;
+ }
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContext.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContext.java
new file mode 100644
index 00000000000..2d73c4e6f48
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContext.java
@@ -0,0 +1,148 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Additional context for troubleshooting conditional role bindings and deny rules.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionContext extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer destination;
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List effectiveTags;
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest request;
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionContextResource resource;
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer getDestination() {
+ return destination;
+ }
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * @param destination destination or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext setDestination(GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer destination) {
+ this.destination = destination;
+ return this;
+ }
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getEffectiveTags() {
+ return effectiveTags;
+ }
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * @param effectiveTags effectiveTags or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext setEffectiveTags(java.util.List effectiveTags) {
+ this.effectiveTags = effectiveTags;
+ return this;
+ }
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest getRequest() {
+ return request;
+ }
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * @param request request or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext setRequest(GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest request) {
+ this.request = request;
+ return this;
+ }
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource getResource() {
+ return resource;
+ }
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * @param resource resource or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext setResource(GoogleCloudPolicytroubleshooterIamV3ConditionContextResource resource) {
+ this.resource = resource;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContext) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContext clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContext) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag.java
new file mode 100644
index 00000000000..acb3c60015f
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag.java
@@ -0,0 +1,214 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * A tag that applies to a resource during policy evaluation. Tags can be either directly bound to a
+ * resource or inherited from its ancestor. `EffectiveTag` contains the `name` and `namespaced_name`
+ * of the tag value and tag key, with additional fields of `inherited` to indicate the inheritance
+ * status of the effective tag.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean inherited;
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String namespacedTagKey;
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String namespacedTagValue;
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagKey;
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagKeyParentName;
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagValue;
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Boolean getInherited() {
+ return inherited;
+ }
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * @param inherited inherited or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setInherited(java.lang.Boolean inherited) {
+ this.inherited = inherited;
+ return this;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getNamespacedTagKey() {
+ return namespacedTagKey;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * @param namespacedTagKey namespacedTagKey or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setNamespacedTagKey(java.lang.String namespacedTagKey) {
+ this.namespacedTagKey = namespacedTagKey;
+ return this;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getNamespacedTagValue() {
+ return namespacedTagValue;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * @param namespacedTagValue namespacedTagValue or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setNamespacedTagValue(java.lang.String namespacedTagValue) {
+ this.namespacedTagValue = namespacedTagValue;
+ return this;
+ }
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagKey() {
+ return tagKey;
+ }
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * @param tagKey tagKey or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setTagKey(java.lang.String tagKey) {
+ this.tagKey = tagKey;
+ return this;
+ }
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagKeyParentName() {
+ return tagKeyParentName;
+ }
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * @param tagKeyParentName tagKeyParentName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setTagKeyParentName(java.lang.String tagKeyParentName) {
+ this.tagKeyParentName = tagKeyParentName;
+ return this;
+ }
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagValue() {
+ return tagValue;
+ }
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * @param tagValue tagValue or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag setTagValue(java.lang.String tagValue) {
+ this.tagValue = tagValue;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextEffectiveTag) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer.java
new file mode 100644
index 00000000000..53af1f6118a
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * This message defines attributes for a node that handles a network request. The node can be either
+ * a service or an application that sends, forwards, or receives the request. Service peers should
+ * fill in `principal` and `labels` as appropriate.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String ip;
+
+ /**
+ * The network port of the peer.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key @com.google.api.client.json.JsonString
+ private java.lang.Long port;
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getIp() {
+ return ip;
+ }
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * @param ip ip or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer setIp(java.lang.String ip) {
+ this.ip = ip;
+ return this;
+ }
+
+ /**
+ * The network port of the peer.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Long getPort() {
+ return port;
+ }
+
+ /**
+ * The network port of the peer.
+ * @param port port or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer setPort(java.lang.Long port) {
+ this.port = port;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextPeer) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest.java
new file mode 100644
index 00000000000..594b10ea6da
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * This message defines attributes for an HTTP request. If the actual request is not an HTTP
+ * request, the runtime system should try to map the actual request to an equivalent HTTP request.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String receiveTime;
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * @return value or {@code null} for none
+ */
+ public String getReceiveTime() {
+ return receiveTime;
+ }
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * @param receiveTime receiveTime or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest setReceiveTime(String receiveTime) {
+ this.receiveTime = receiveTime;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextRequest) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextResource.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextResource.java
new file mode 100644
index 00000000000..c5a9bfb8531
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionContextResource.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Core attributes for a resource. A resource is an addressable (named) entity provided by the
+ * destination service. For example, a Compute Engine instance.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionContextResource extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String service;
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String type;
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * @param name name or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getService() {
+ return service;
+ }
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * @param service service or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource setService(java.lang.String service) {
+ this.service = service;
+ return this;
+ }
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getType() {
+ return type;
+ }
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * @param type type or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource setType(java.lang.String type) {
+ this.type = type;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextResource) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionContextResource clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionContextResource) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanation.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanation.java
new file mode 100644
index 00000000000..99fd034ce18
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanation.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Explanation for how a condition affects a principal's access
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List errors;
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List evaluationStates;
+
+ /**
+ * Value of the condition.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Object value;
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getErrors() {
+ return errors;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @param errors errors or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation setErrors(java.util.List errors) {
+ this.errors = errors;
+ return this;
+ }
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getEvaluationStates() {
+ return evaluationStates;
+ }
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * @param evaluationStates evaluationStates or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation setEvaluationStates(java.util.List evaluationStates) {
+ this.evaluationStates = evaluationStates;
+ return this;
+ }
+
+ /**
+ * Value of the condition.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Object getValue() {
+ return value;
+ }
+
+ /**
+ * Value of the condition.
+ * @param value value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation setValue(java.lang.Object value) {
+ this.value = value;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState.java
new file mode 100644
index 00000000000..42018cae9d9
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState.java
@@ -0,0 +1,142 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Evaluated state of a condition expression.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState extends com.google.api.client.json.GenericJson {
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer end;
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List errors;
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer start;
+
+ /**
+ * Value of this expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Object value;
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getEnd() {
+ return end;
+ }
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * @param end end or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState setEnd(java.lang.Integer end) {
+ this.end = end;
+ return this;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getErrors() {
+ return errors;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @param errors errors or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState setErrors(java.util.List errors) {
+ this.errors = errors;
+ return this;
+ }
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getStart() {
+ return start;
+ }
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * @param start start or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState setStart(java.lang.Integer start) {
+ this.start = start;
+ return this;
+ }
+
+ /**
+ * Value of this expression.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Object getValue() {
+ return value;
+ }
+
+ /**
+ * Value of this expression.
+ * @param value value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState setValue(java.lang.Object value) {
+ this.value = value;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ConditionExplanationEvaluationState) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation.java
new file mode 100644
index 00000000000..f4ded02ee9f
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how the relevant IAM deny policies affect the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedResources;
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean permissionDeniable;
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedResources() {
+ return explainedResources;
+ }
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @param explainedResources explainedResources or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation setExplainedResources(java.util.List explainedResources) {
+ this.explainedResources = explainedResources;
+ return this;
+ }
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Boolean getPermissionDeniable() {
+ return permissionDeniable;
+ }
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * @param permissionDeniable permissionDeniable or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation setPermissionDeniable(java.lang.Boolean permissionDeniable) {
+ this.permissionDeniable = permissionDeniable;
+ return this;
+ }
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.java
new file mode 100644
index 00000000000..cbd332aade9
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.java
@@ -0,0 +1,388 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how a deny rule in a deny policy affects a principal's ability to use a permission.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching combinedDeniedPermission;
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching combinedDeniedPrincipal;
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching combinedExceptionPermission;
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching combinedExceptionPrincipal;
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Condition evaluation state for this role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3ConditionExplanation conditionExplanation;
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map deniedPermissions;
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map deniedPrincipals;
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map exceptionPermissions;
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map exceptionPrincipals;
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching getCombinedDeniedPermission() {
+ return combinedDeniedPermission;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * @param combinedDeniedPermission combinedDeniedPermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setCombinedDeniedPermission(GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching combinedDeniedPermission) {
+ this.combinedDeniedPermission = combinedDeniedPermission;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching getCombinedDeniedPrincipal() {
+ return combinedDeniedPrincipal;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param combinedDeniedPrincipal combinedDeniedPrincipal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setCombinedDeniedPrincipal(GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching combinedDeniedPrincipal) {
+ this.combinedDeniedPrincipal = combinedDeniedPrincipal;
+ return this;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching getCombinedExceptionPermission() {
+ return combinedExceptionPermission;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * @param combinedExceptionPermission combinedExceptionPermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setCombinedExceptionPermission(GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching combinedExceptionPermission) {
+ this.combinedExceptionPermission = combinedExceptionPermission;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching getCombinedExceptionPrincipal() {
+ return combinedExceptionPrincipal;
+ }
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param combinedExceptionPrincipal combinedExceptionPrincipal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setCombinedExceptionPrincipal(GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching combinedExceptionPrincipal) {
+ this.combinedExceptionPrincipal = combinedExceptionPrincipal;
+ return this;
+ }
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ConditionExplanation getConditionExplanation() {
+ return conditionExplanation;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @param conditionExplanation conditionExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setConditionExplanation(GoogleCloudPolicytroubleshooterIamV3ConditionExplanation conditionExplanation) {
+ this.conditionExplanation = conditionExplanation;
+ return this;
+ }
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getDeniedPermissions() {
+ return deniedPermissions;
+ }
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * @param deniedPermissions deniedPermissions or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setDeniedPermissions(java.util.Map deniedPermissions) {
+ this.deniedPermissions = deniedPermissions;
+ return this;
+ }
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getDeniedPrincipals() {
+ return deniedPrincipals;
+ }
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * @param deniedPrincipals deniedPrincipals or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setDeniedPrincipals(java.util.Map deniedPrincipals) {
+ this.deniedPrincipals = deniedPrincipals;
+ return this;
+ }
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getExceptionPermissions() {
+ return exceptionPermissions;
+ }
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * @param exceptionPermissions exceptionPermissions or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setExceptionPermissions(java.util.Map exceptionPermissions) {
+ this.exceptionPermissions = exceptionPermissions;
+ return this;
+ }
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getExceptionPrincipals() {
+ return exceptionPrincipals;
+ }
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * @param exceptionPrincipals exceptionPrincipals or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setExceptionPrincipals(java.util.Map exceptionPrincipals) {
+ this.exceptionPrincipals = exceptionPrincipals;
+ return this;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching.java
new file mode 100644
index 00000000000..0b7dcf2c717
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching.java
@@ -0,0 +1,95 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about whether the principal in the request is listed as a denied principal in the deny
+ * rule, either directly or through membership in a principal set.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String membership;
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMembership() {
+ return membership;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param membership membership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching setMembership(java.lang.String membership) {
+ this.membership = membership;
+ return this;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedDenyPrincipalMatching) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching.java
new file mode 100644
index 00000000000..0399aa8db3a
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about whether the permission in the request is denied by the deny rule.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permissionMatchingState;
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermissionMatchingState() {
+ return permissionMatchingState;
+ }
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * @param permissionMatchingState permissionMatchingState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching setPermissionMatchingState(java.lang.String permissionMatchingState) {
+ this.permissionMatchingState = permissionMatchingState;
+ return this;
+ }
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanationAnnotatedPermissionMatching) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy.java
new file mode 100644
index 00000000000..8a26168c7c0
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how a specific IAM allow policy contributed to the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List bindingExplanations;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3AllowBindingExplanation.class);
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV1Policy policy;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getBindingExplanations() {
+ return bindingExplanations;
+ }
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * @param bindingExplanations bindingExplanations or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy setBindingExplanations(java.util.List bindingExplanations) {
+ this.bindingExplanations = bindingExplanations;
+ return this;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV1Policy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy setPolicy(GoogleIamV1Policy policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedAllowPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy.java
new file mode 100644
index 00000000000..acc44ec7f8a
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy.java
@@ -0,0 +1,172 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how a specific IAM deny policy Policy contributed to the access check.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV2Policy policy;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List ruleExplanations;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3DenyRuleExplanation.class);
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV2Policy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy setPolicy(GoogleIamV2Policy policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getRuleExplanations() {
+ return ruleExplanations;
+ }
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * @param ruleExplanations ruleExplanations or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy setRuleExplanations(java.util.List ruleExplanations) {
+ this.ruleExplanations = ruleExplanations;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource.java
new file mode 100644
index 00000000000..f65a912d423
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource.java
@@ -0,0 +1,175 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Details about how a specific resource contributed to the deny policy evaluation.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedPolicies;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3ExplainedDenyPolicy.class);
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedPolicies() {
+ return explainedPolicies;
+ }
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * @param explainedPolicies explainedPolicies or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource setExplainedPolicies(java.util.List explainedPolicies) {
+ this.explainedPolicies = explainedPolicies;
+ return this;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3ExplainedDenyResource) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest.java
new file mode 100644
index 00000000000..e7c0e34532c
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Request for TroubleshootIamPolicy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3AccessTuple accessTuple;
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple getAccessTuple() {
+ return accessTuple;
+ }
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * @param accessTuple accessTuple or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest setAccessTuple(GoogleCloudPolicytroubleshooterIamV3AccessTuple accessTuple) {
+ this.accessTuple = accessTuple;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyRequest) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse.java
new file mode 100644
index 00000000000..8366e42b13b
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Response for TroubleshootIamPolicy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3AccessTuple accessTuple;
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation allowPolicyExplanation;
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation denyPolicyExplanation;
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String overallAccessState;
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AccessTuple getAccessTuple() {
+ return accessTuple;
+ }
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * @param accessTuple accessTuple or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse setAccessTuple(GoogleCloudPolicytroubleshooterIamV3AccessTuple accessTuple) {
+ this.accessTuple = accessTuple;
+ return this;
+ }
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation getAllowPolicyExplanation() {
+ return allowPolicyExplanation;
+ }
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * @param allowPolicyExplanation allowPolicyExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse setAllowPolicyExplanation(GoogleCloudPolicytroubleshooterIamV3AllowPolicyExplanation allowPolicyExplanation) {
+ this.allowPolicyExplanation = allowPolicyExplanation;
+ return this;
+ }
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation getDenyPolicyExplanation() {
+ return denyPolicyExplanation;
+ }
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * @param denyPolicyExplanation denyPolicyExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse setDenyPolicyExplanation(GoogleCloudPolicytroubleshooterIamV3DenyPolicyExplanation denyPolicyExplanation) {
+ this.denyPolicyExplanation = denyPolicyExplanation;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getOverallAccessState() {
+ return overallAccessState;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * @param overallAccessState overallAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse setOverallAccessState(java.lang.String overallAccessState) {
+ this.overallAccessState = overallAccessState;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3TroubleshootIamPolicyResponse) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditConfig.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditConfig.java
new file mode 100644
index 00000000000..950dd362164
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditConfig.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Specifies the audit configuration for a service. The configuration determines which permission
+ * types are logged, and what identities, if any, are exempted from logging. An AuditConfig must
+ * have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific
+ * service, the union of the two AuditConfigs is used for that service: the log_types specified in
+ * each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.
+ * Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
+ * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ]
+ * }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service":
+ * "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
+ * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this
+ * policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com`
+ * from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1AuditConfig extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The configuration for logging of each type of permission.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List auditLogConfigs;
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String service;
+
+ /**
+ * The configuration for logging of each type of permission.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getAuditLogConfigs() {
+ return auditLogConfigs;
+ }
+
+ /**
+ * The configuration for logging of each type of permission.
+ * @param auditLogConfigs auditLogConfigs or {@code null} for none
+ */
+ public GoogleIamV1AuditConfig setAuditLogConfigs(java.util.List auditLogConfigs) {
+ this.auditLogConfigs = auditLogConfigs;
+ return this;
+ }
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getService() {
+ return service;
+ }
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * @param service service or {@code null} for none
+ */
+ public GoogleIamV1AuditConfig setService(java.lang.String service) {
+ this.service = service;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1AuditConfig set(String fieldName, Object value) {
+ return (GoogleIamV1AuditConfig) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1AuditConfig clone() {
+ return (GoogleIamV1AuditConfig) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditLogConfig.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditLogConfig.java
new file mode 100644
index 00000000000..d07bf7a9f55
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1AuditLogConfig.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ {
+ * "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type":
+ * "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ * jose@example.com from DATA_READ logging.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1AuditLogConfig extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exemptedMembers;
+
+ /**
+ * The log type that this config enables.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String logType;
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExemptedMembers() {
+ return exemptedMembers;
+ }
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * @param exemptedMembers exemptedMembers or {@code null} for none
+ */
+ public GoogleIamV1AuditLogConfig setExemptedMembers(java.util.List exemptedMembers) {
+ this.exemptedMembers = exemptedMembers;
+ return this;
+ }
+
+ /**
+ * The log type that this config enables.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getLogType() {
+ return logType;
+ }
+
+ /**
+ * The log type that this config enables.
+ * @param logType logType or {@code null} for none
+ */
+ public GoogleIamV1AuditLogConfig setLogType(java.lang.String logType) {
+ this.logType = logType;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1AuditLogConfig set(String fieldName, Object value) {
+ return (GoogleIamV1AuditLogConfig) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1AuditLogConfig clone() {
+ return (GoogleIamV1AuditLogConfig) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Binding.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Binding.java
new file mode 100644
index 00000000000..8a00d1ee3d3
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Binding.java
@@ -0,0 +1,271 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Associates `members`, or principals, with a `role`.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1Binding extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List members;
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String role;
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleIamV1Binding setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getMembers() {
+ return members;
+ }
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @param members members or {@code null} for none
+ */
+ public GoogleIamV1Binding setMembers(java.util.List members) {
+ this.members = members;
+ return this;
+ }
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRole() {
+ return role;
+ }
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * @param role role or {@code null} for none
+ */
+ public GoogleIamV1Binding setRole(java.lang.String role) {
+ this.role = role;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1Binding set(String fieldName, Object value) {
+ return (GoogleIamV1Binding) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1Binding clone() {
+ return (GoogleIamV1Binding) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Policy.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Policy.java
new file mode 100644
index 00000000000..0eb483c136c
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV1Policy.java
@@ -0,0 +1,292 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud
+ * resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or
+ * principals, to a single `role`. Principals can be user accounts, service accounts, Google groups,
+ * and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM
+ * predefined role or a user-created custom role. For some types of Google Cloud resources, a
+ * `binding` can also specify a `condition`, which is a logical expression that allows access to a
+ * resource only if the expression evaluates to `true`. A condition can add constraints based on
+ * attributes of the request, the resource, or both. To learn which resources support conditions in
+ * their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:**
+ * ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [
+ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-
+ * project-id@appspot.gserviceaccount.com" ] }, { "role":
+ * "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
+ * "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression":
+ * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version":
+ * 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com -
+ * group:admins@example.com - domain:google.com - serviceAccount:my-project-
+ * id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+ * user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
+ * access description: Does not grant access after Sep 2020 expression: request.time <
+ * timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM
+ * and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1Policy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List auditConfigs;
+
+ static {
+ // hack to force ProGuard to consider GoogleIamV1AuditConfig used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleIamV1AuditConfig.class);
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List bindings;
+
+ static {
+ // hack to force ProGuard to consider GoogleIamV1Binding used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleIamV1Binding.class);
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer version;
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getAuditConfigs() {
+ return auditConfigs;
+ }
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * @param auditConfigs auditConfigs or {@code null} for none
+ */
+ public GoogleIamV1Policy setAuditConfigs(java.util.List auditConfigs) {
+ this.auditConfigs = auditConfigs;
+ return this;
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getBindings() {
+ return bindings;
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * @param bindings bindings or {@code null} for none
+ */
+ public GoogleIamV1Policy setBindings(java.util.List bindings) {
+ this.bindings = bindings;
+ return this;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #decodeEtag()
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #getEtag()
+ * @return Base64 decoded value or {@code null} for none
+ *
+ * @since 1.14
+ */
+ public byte[] decodeEtag() {
+ return com.google.api.client.util.Base64.decodeBase64(etag);
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #encodeEtag()
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV1Policy setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #setEtag()
+ *
+ *
+ * The value is encoded Base64 or {@code null} for none.
+ *
+ *
+ * @since 1.14
+ */
+ public GoogleIamV1Policy encodeEtag(byte[] etag) {
+ this.etag = com.google.api.client.util.Base64.encodeBase64URLSafeString(etag);
+ return this;
+ }
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getVersion() {
+ return version;
+ }
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @param version version or {@code null} for none
+ */
+ public GoogleIamV1Policy setVersion(java.lang.Integer version) {
+ this.version = version;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1Policy set(String fieldName, Object value) {
+ return (GoogleIamV1Policy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1Policy clone() {
+ return (GoogleIamV1Policy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2DenyRule.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2DenyRule.java
new file mode 100644
index 00000000000..6f608b47774
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2DenyRule.java
@@ -0,0 +1,352 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * A deny rule in an IAM deny policy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2DenyRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr denialCondition;
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List deniedPermissions;
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List deniedPrincipals;
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exceptionPermissions;
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exceptionPrincipals;
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getDenialCondition() {
+ return denialCondition;
+ }
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * @param denialCondition denialCondition or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDenialCondition(GoogleTypeExpr denialCondition) {
+ this.denialCondition = denialCondition;
+ return this;
+ }
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getDeniedPermissions() {
+ return deniedPermissions;
+ }
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * @param deniedPermissions deniedPermissions or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDeniedPermissions(java.util.List deniedPermissions) {
+ this.deniedPermissions = deniedPermissions;
+ return this;
+ }
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getDeniedPrincipals() {
+ return deniedPrincipals;
+ }
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @param deniedPrincipals deniedPrincipals or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDeniedPrincipals(java.util.List deniedPrincipals) {
+ this.deniedPrincipals = deniedPrincipals;
+ return this;
+ }
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExceptionPermissions() {
+ return exceptionPermissions;
+ }
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * @param exceptionPermissions exceptionPermissions or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setExceptionPermissions(java.util.List exceptionPermissions) {
+ this.exceptionPermissions = exceptionPermissions;
+ return this;
+ }
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExceptionPrincipals() {
+ return exceptionPrincipals;
+ }
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * @param exceptionPrincipals exceptionPrincipals or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setExceptionPrincipals(java.util.List exceptionPrincipals) {
+ this.exceptionPrincipals = exceptionPrincipals;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2DenyRule set(String fieldName, Object value) {
+ return (GoogleIamV2DenyRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2DenyRule clone() {
+ return (GoogleIamV2DenyRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2Policy.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2Policy.java
new file mode 100644
index 00000000000..1d99bb80420
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2Policy.java
@@ -0,0 +1,316 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Data for an IAM policy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2Policy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map annotations;
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String createTime;
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String deleteTime;
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String displayName;
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String kind;
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List rules;
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String uid;
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String updateTime;
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getAnnotations() {
+ return annotations;
+ }
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * @param annotations annotations or {@code null} for none
+ */
+ public GoogleIamV2Policy setAnnotations(java.util.Map annotations) {
+ this.annotations = annotations;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * @return value or {@code null} for none
+ */
+ public String getCreateTime() {
+ return createTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * @param createTime createTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setCreateTime(String createTime) {
+ this.createTime = createTime;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * @return value or {@code null} for none
+ */
+ public String getDeleteTime() {
+ return deleteTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * @param deleteTime deleteTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setDeleteTime(String deleteTime) {
+ this.deleteTime = deleteTime;
+ return this;
+ }
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDisplayName() {
+ return displayName;
+ }
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * @param displayName displayName or {@code null} for none
+ */
+ public GoogleIamV2Policy setDisplayName(java.lang.String displayName) {
+ this.displayName = displayName;
+ return this;
+ }
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV2Policy setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getKind() {
+ return kind;
+ }
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * @param kind kind or {@code null} for none
+ */
+ public GoogleIamV2Policy setKind(java.lang.String kind) {
+ this.kind = kind;
+ return this;
+ }
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * @param name name or {@code null} for none
+ */
+ public GoogleIamV2Policy setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getRules() {
+ return rules;
+ }
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * @param rules rules or {@code null} for none
+ */
+ public GoogleIamV2Policy setRules(java.util.List rules) {
+ this.rules = rules;
+ return this;
+ }
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getUid() {
+ return uid;
+ }
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * @param uid uid or {@code null} for none
+ */
+ public GoogleIamV2Policy setUid(java.lang.String uid) {
+ this.uid = uid;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * @return value or {@code null} for none
+ */
+ public String getUpdateTime() {
+ return updateTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * @param updateTime updateTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setUpdateTime(String updateTime) {
+ this.updateTime = updateTime;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2Policy set(String fieldName, Object value) {
+ return (GoogleIamV2Policy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2Policy clone() {
+ return (GoogleIamV2Policy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2PolicyRule.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2PolicyRule.java
new file mode 100644
index 00000000000..99bbc28e1f3
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleIamV2PolicyRule.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * A single rule in a `Policy`.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2PolicyRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * A rule for a deny policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV2DenyRule denyRule;
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String description;
+
+ /**
+ * A rule for a deny policy.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV2DenyRule getDenyRule() {
+ return denyRule;
+ }
+
+ /**
+ * A rule for a deny policy.
+ * @param denyRule denyRule or {@code null} for none
+ */
+ public GoogleIamV2PolicyRule setDenyRule(GoogleIamV2DenyRule denyRule) {
+ this.denyRule = denyRule;
+ return this;
+ }
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDescription() {
+ return description;
+ }
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * @param description description or {@code null} for none
+ */
+ public GoogleIamV2PolicyRule setDescription(java.lang.String description) {
+ this.description = description;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2PolicyRule set(String fieldName, Object value) {
+ return (GoogleIamV2PolicyRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2PolicyRule clone() {
+ return (GoogleIamV2PolicyRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleRpcStatus.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleRpcStatus.java
new file mode 100644
index 00000000000..3362cdbaf84
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleRpcStatus.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * The `Status` type defines a logical error model that is suitable for different programming
+ * environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc).
+ * Each `Status` message contains three pieces of data: error code, error message, and error
+ * details. You can find out more about this error model and how to work with it in the [API Design
+ * Guide](https://cloud.google.com/apis/design/errors).
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleRpcStatus extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer code;
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List> details;
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String message;
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getCode() {
+ return code;
+ }
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * @param code code or {@code null} for none
+ */
+ public GoogleRpcStatus setCode(java.lang.Integer code) {
+ this.code = code;
+ return this;
+ }
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * @return value or {@code null} for none
+ */
+ public java.util.List> getDetails() {
+ return details;
+ }
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * @param details details or {@code null} for none
+ */
+ public GoogleRpcStatus setDetails(java.util.List> details) {
+ this.details = details;
+ return this;
+ }
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMessage() {
+ return message;
+ }
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * @param message message or {@code null} for none
+ */
+ public GoogleRpcStatus setMessage(java.lang.String message) {
+ this.message = message;
+ return this;
+ }
+
+ @Override
+ public GoogleRpcStatus set(String fieldName, Object value) {
+ return (GoogleRpcStatus) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleRpcStatus clone() {
+ return (GoogleRpcStatus) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleTypeExpr.java b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleTypeExpr.java
new file mode 100644
index 00000000000..d9317f47d29
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/com/google/api/services/policytroubleshooter/v3/model/GoogleTypeExpr.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3.model;
+
+/**
+ * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like
+ * expression language. The syntax and semantics of CEL are documented at
+ * https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit"
+ * description: "Determines if a summary is less than 100 chars" expression:
+ * "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description:
+ * "Determines if requestor is the document owner" expression: "document.owner ==
+ * request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine
+ * whether the document should be publicly visible" expression: "document.type != 'private' &&
+ * document.type != 'internal'" Example (Data Manipulation): title: "Notification string"
+ * description: "Create a notification string with a timestamp." expression: "'New message received
+ * at ' + string(document.create_time)" The exact variables and functions that may be referenced
+ * within an expression are determined by the service that evaluates it. See the service
+ * documentation for additional information.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleTypeExpr extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String description;
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String expression;
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String location;
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String title;
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDescription() {
+ return description;
+ }
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * @param description description or {@code null} for none
+ */
+ public GoogleTypeExpr setDescription(java.lang.String description) {
+ this.description = description;
+ return this;
+ }
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getExpression() {
+ return expression;
+ }
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * @param expression expression or {@code null} for none
+ */
+ public GoogleTypeExpr setExpression(java.lang.String expression) {
+ this.expression = expression;
+ return this;
+ }
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getLocation() {
+ return location;
+ }
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * @param location location or {@code null} for none
+ */
+ public GoogleTypeExpr setLocation(java.lang.String location) {
+ this.location = location;
+ return this;
+ }
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTitle() {
+ return title;
+ }
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * @param title title or {@code null} for none
+ */
+ public GoogleTypeExpr setTitle(java.lang.String title) {
+ this.title = title;
+ return this;
+ }
+
+ @Override
+ public GoogleTypeExpr set(String fieldName, Object value) {
+ return (GoogleTypeExpr) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleTypeExpr clone() {
+ return (GoogleTypeExpr) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3/2.0.0/pom.xml b/clients/google-api-services-policytroubleshooter/v3/2.0.0/pom.xml
new file mode 100644
index 00000000000..655bb3001bf
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/2.0.0/pom.xml
@@ -0,0 +1,219 @@
+
+ 4.0.0
+
+ org.sonatype.oss
+ oss-parent
+ 7
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3-rev20260111-2.0.0
+ Policy Troubleshooter API v3-rev20260111-2.0.0
+ jar
+
+ 2011
+
+
+
+ GoogleAPIs
+ GoogleAPIs
+ googleapis@googlegroups.com
+ Google
+ https://www.google.com
+
+
+
+
+ Google
+ http://www.google.com/
+
+
+
+
+ The Apache Software License, Version 2.0
+ http://www.apache.org/licenses/LICENSE-2.0.txt
+ repo
+
+
+
+
+
+ ossrh
+ https://google.oss.sonatype.org/content/repositories/snapshots
+
+
+
+
+
+
+ maven-compiler-plugin
+ 3.9.0
+
+ 1.7
+ 1.7
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 2.4
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 3.1.2
+
+
+
+ com.google.api.services.policytroubleshooter
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 3.1.0
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+ none
+ Policy Troubleshooter API ${project.version}
+ Policy Troubleshooter API ${project.version}
+
+ http://docs.oracle.com/javase/7/docs/api
+ https://googleapis.dev/java/google-http-client/${httpClientLibrary}/
+ https://googleapis.dev/java/google-oauth-client/${oauthClientLibrary}/
+ https://googleapis.dev/java/google-api-client/2.7.2/
+
+
+
+
+ org.codehaus.mojo
+ clirr-maven-plugin
+ 2.8
+
+ clirr-ignored-differences.xml
+ true
+
+
+
+
+ check
+
+
+
+
+
+ .
+
+
+ ./resources
+
+
+
+
+
+
+ com.google.api-client
+ google-api-client
+ 2.7.2
+
+
+
+
+ UTF-8
+
+
+
+
+
+ release-sonatype
+
+
+
+ !artifact-registry-url
+
+
+
+
+
+ org.sonatype.plugins
+ nexus-staging-maven-plugin
+ 1.6.13
+ true
+
+ sonatype-nexus-staging
+ https://google.oss.sonatype.org/
+ false
+
+
+
+
+
+
+
+ release-gcp-artifact-registry
+
+ artifactregistry://please-define-artifact-registry-url-property
+
+
+
+ gcp-artifact-registry-repository
+ ${artifact-registry-url}
+
+
+ gcp-artifact-registry-repository
+ ${artifact-registry-url}
+
+
+
+
+ release-sign-artifacts
+
+
+ performRelease
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 3.2.7
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/clients/google-api-services-policytroubleshooter/v3/README.md b/clients/google-api-services-policytroubleshooter/v3/README.md
new file mode 100644
index 00000000000..8410cee9bdf
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3/README.md
@@ -0,0 +1,44 @@
+# Policy Troubleshooter API Client Library for Java
+
+
+
+This page contains information about getting started with the Policy Troubleshooter API
+using the Google API Client Library for Java. In addition, you may be interested
+in the following documentation:
+
+* Browse the [Javadoc reference for the Policy Troubleshooter API][javadoc]
+* Read the [Developer's Guide for the Google API Client Library for Java][google-api-client].
+* Interact with this API in your browser using the [APIs Explorer for the Policy Troubleshooter API][api-explorer]
+
+## Installation
+
+### Maven
+
+Add the following lines to your `pom.xml` file:
+
+```xml
+
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3-rev20260111-2.0.0
+
+
+
+```
+
+### Gradle
+
+```gradle
+repositories {
+ mavenCentral()
+}
+dependencies {
+ implementation 'com.google.apis:google-api-services-policytroubleshooter:v3-rev20260111-2.0.0'
+}
+```
+
+[javadoc]: https://googleapis.dev/java/google-api-services-policytroubleshooter/latest/index.html
+[google-api-client]: https://github.com/googleapis/google-api-java-client/
+[api-explorer]: https://developers.google.com/apis-explorer/#p/policytroubleshooter/v1/
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/README.md b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/README.md
new file mode 100644
index 00000000000..615e9855ff9
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/README.md
@@ -0,0 +1,44 @@
+# Policy Troubleshooter API Client Library for Java
+
+
+
+This page contains information about getting started with the Policy Troubleshooter API
+using the Google API Client Library for Java. In addition, you may be interested
+in the following documentation:
+
+* Browse the [Javadoc reference for the Policy Troubleshooter API][javadoc]
+* Read the [Developer's Guide for the Google API Client Library for Java][google-api-client].
+* Interact with this API in your browser using the [APIs Explorer for the Policy Troubleshooter API][api-explorer]
+
+## Installation
+
+### Maven
+
+Add the following lines to your `pom.xml` file:
+
+```xml
+
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3beta-rev20260111-2.0.0
+
+
+
+```
+
+### Gradle
+
+```gradle
+repositories {
+ mavenCentral()
+}
+dependencies {
+ implementation 'com.google.apis:google-api-services-policytroubleshooter:v3beta-rev20260111-2.0.0'
+}
+```
+
+[javadoc]: https://googleapis.dev/java/google-api-services-policytroubleshooter/latest/index.html
+[google-api-client]: https://github.com/googleapis/google-api-java-client/
+[api-explorer]: https://developers.google.com/apis-explorer/#p/policytroubleshooter/v1/
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooter.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooter.java
new file mode 100644
index 00000000000..2657412faff
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooter.java
@@ -0,0 +1,384 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta;
+
+/**
+ * Service definition for PolicyTroubleshooter (v3beta).
+ *
+ *
+ *
+ *
+ *
+ *
+ * For more information about this service, see the
+ * API Documentation
+ *
+ *
+ *
+ * This service uses {@link PolicyTroubleshooterRequestInitializer} to initialize global parameters via its
+ * {@link Builder}.
+ *
+ *
+ * @since 1.3
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public class PolicyTroubleshooter extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient {
+
+ // Note: Leave this static initializer at the top of the file.
+ static {
+ com.google.api.client.util.Preconditions.checkState(
+ (com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION == 1 &&
+ (com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION >= 32 ||
+ (com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION == 31 &&
+ com.google.api.client.googleapis.GoogleUtils.BUGFIX_VERSION >= 1))) ||
+ com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION >= 2,
+ "You are currently running with version %s of google-api-client. " +
+ "You need at least version 1.31.1 of google-api-client to run version " +
+ "2.0.0 of the Policy Troubleshooter API library.", com.google.api.client.googleapis.GoogleUtils.VERSION);
+ }
+
+ /**
+ * The default encoded root URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ *
+ * @since 1.7
+ */
+ public static final String DEFAULT_ROOT_URL = "https://policytroubleshooter.googleapis.com/";
+
+ /**
+ * The default encoded mTLS root URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ *
+ * @since 1.31
+ */
+ public static final String DEFAULT_MTLS_ROOT_URL = "https://policytroubleshooter.mtls.googleapis.com/";
+
+ /**
+ * The default encoded service path of the service. This is determined when the library is
+ * generated and normally should not be changed.
+ *
+ * @since 1.7
+ */
+ public static final String DEFAULT_SERVICE_PATH = "";
+
+ /**
+ * The default encoded batch path of the service. This is determined when the library is
+ * generated and normally should not be changed.
+ *
+ * @since 1.23
+ */
+ public static final String DEFAULT_BATCH_PATH = "batch";
+
+ /**
+ * The default encoded base URL of the service. This is determined when the library is generated
+ * and normally should not be changed.
+ */
+ public static final String DEFAULT_BASE_URL = DEFAULT_ROOT_URL + DEFAULT_SERVICE_PATH;
+
+ /**
+ * Constructor.
+ *
+ *
+ * Use {@link Builder} if you need to specify any of the optional parameters.
+ *
+ *
+ * @param transport HTTP transport, which should normally be:
+ *
+ *
Google App Engine:
+ * {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}
+ *
Android: {@code newCompatibleTransport} from
+ * {@code com.google.api.client.extensions.android.http.AndroidHttp}
+ *
+ * @return the resource collection
+ */
+ public Iam iam() {
+ return new Iam();
+ }
+
+ /**
+ * The "iam" collection of methods.
+ */
+ public class Iam {
+
+ /**
+ * Checks whether a principal has a specific permission for a specific resource, and explains why
+ * the principal does or doesn't have that permission.
+ *
+ * Create a request for the method "iam.troubleshoot".
+ *
+ * This request holds the parameters needed by the policytroubleshooter server. After setting any
+ * optional parameters, call the {@link Troubleshoot#execute()} method to invoke the remote
+ * operation.
+ *
+ * @param content the {@link com.google.api.services.policytroubleshooter.v3beta.model.GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest}
+ * @return the request
+ */
+ public Troubleshoot troubleshoot(com.google.api.services.policytroubleshooter.v3beta.model.GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest content) throws java.io.IOException {
+ Troubleshoot result = new Troubleshoot(content);
+ initialize(result);
+ return result;
+ }
+
+ public class Troubleshoot extends PolicyTroubleshooterRequest {
+
+ private static final String REST_PATH = "v3beta/iam:troubleshoot";
+
+ /**
+ * Checks whether a principal has a specific permission for a specific resource, and explains why
+ * the principal does or doesn't have that permission.
+ *
+ * Create a request for the method "iam.troubleshoot".
+ *
+ * This request holds the parameters needed by the the policytroubleshooter server. After setting
+ * any optional parameters, call the {@link Troubleshoot#execute()} method to invoke the remote
+ * operation.
{@link
+ * Troubleshoot#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)}
+ * must be called to initialize this instance immediately after invoking the constructor.
+ *
+ * @since 1.3.0
+ */
+ public static final class Builder extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient.Builder {
+
+ private static String chooseEndpoint(com.google.api.client.http.HttpTransport transport) {
+ // If the GOOGLE_API_USE_MTLS_ENDPOINT environment variable value is "always", use mTLS endpoint.
+ // If the env variable is "auto", use mTLS endpoint if and only if the transport is mTLS.
+ // Use the regular endpoint for all other cases.
+ String useMtlsEndpoint = System.getenv("GOOGLE_API_USE_MTLS_ENDPOINT");
+ useMtlsEndpoint = useMtlsEndpoint == null ? "auto" : useMtlsEndpoint;
+ if ("always".equals(useMtlsEndpoint) || ("auto".equals(useMtlsEndpoint) && transport != null && transport.isMtls())) {
+ return DEFAULT_MTLS_ROOT_URL;
+ }
+ return DEFAULT_ROOT_URL;
+ }
+
+ /**
+ * Returns an instance of a new builder.
+ *
+ * @param transport HTTP transport, which should normally be:
+ *
+ *
Google App Engine:
+ * {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}
+ *
Android: {@code newCompatibleTransport} from
+ * {@code com.google.api.client.extensions.android.http.AndroidHttp}
Google GSON: {@code com.google.api.client.json.gson.GsonFactory}
+ *
Android Honeycomb or higher:
+ * {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}
+ *
+ * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+ * @since 1.7
+ */
+ public Builder(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+ com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+ super(
+ transport,
+ jsonFactory,
+ Builder.chooseEndpoint(transport),
+ DEFAULT_SERVICE_PATH,
+ httpRequestInitializer,
+ false);
+ setBatchPath(DEFAULT_BATCH_PATH);
+ }
+
+ /** Builds a new instance of {@link PolicyTroubleshooter}. */
+ @Override
+ public PolicyTroubleshooter build() {
+ return new PolicyTroubleshooter(this);
+ }
+
+ @Override
+ public Builder setRootUrl(String rootUrl) {
+ return (Builder) super.setRootUrl(rootUrl);
+ }
+
+ @Override
+ public Builder setServicePath(String servicePath) {
+ return (Builder) super.setServicePath(servicePath);
+ }
+
+ @Override
+ public Builder setBatchPath(String batchPath) {
+ return (Builder) super.setBatchPath(batchPath);
+ }
+
+ @Override
+ public Builder setHttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+ return (Builder) super.setHttpRequestInitializer(httpRequestInitializer);
+ }
+
+ @Override
+ public Builder setApplicationName(String applicationName) {
+ return (Builder) super.setApplicationName(applicationName);
+ }
+
+ @Override
+ public Builder setSuppressPatternChecks(boolean suppressPatternChecks) {
+ return (Builder) super.setSuppressPatternChecks(suppressPatternChecks);
+ }
+
+ @Override
+ public Builder setSuppressRequiredParameterChecks(boolean suppressRequiredParameterChecks) {
+ return (Builder) super.setSuppressRequiredParameterChecks(suppressRequiredParameterChecks);
+ }
+
+ @Override
+ public Builder setSuppressAllChecks(boolean suppressAllChecks) {
+ return (Builder) super.setSuppressAllChecks(suppressAllChecks);
+ }
+
+ /**
+ * Set the {@link PolicyTroubleshooterRequestInitializer}.
+ *
+ * @since 1.12
+ */
+ public Builder setPolicyTroubleshooterRequestInitializer(
+ PolicyTroubleshooterRequestInitializer policytroubleshooterRequestInitializer) {
+ return (Builder) super.setGoogleClientRequestInitializer(policytroubleshooterRequestInitializer);
+ }
+
+ @Override
+ public Builder setGoogleClientRequestInitializer(
+ com.google.api.client.googleapis.services.GoogleClientRequestInitializer googleClientRequestInitializer) {
+ return (Builder) super.setGoogleClientRequestInitializer(googleClientRequestInitializer);
+ }
+
+ @Override
+ public Builder setUniverseDomain(String universeDomain) {
+ return (Builder) super.setUniverseDomain(universeDomain);
+ }
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequest.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequest.java
new file mode 100644
index 00000000000..d017236e9d8
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta;
+
+/**
+ * PolicyTroubleshooter request.
+ *
+ * @since 1.3
+ */
+@SuppressWarnings("javadoc")
+public abstract class PolicyTroubleshooterRequest extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest {
+
+ /**
+ * @param client Google client
+ * @param method HTTP Method
+ * @param uriTemplate URI template for the path relative to the base URL. If it starts with a "/"
+ * the base path from the base URL will be stripped out. The URI template can also be a
+ * full URL. URI template expansion is done using
+ * {@link com.google.api.client.http.UriTemplate#expand(String, String, Object, boolean)}
+ * @param content A POJO that can be serialized into JSON or {@code null} for none
+ * @param responseClass response class to parse into
+ */
+ public PolicyTroubleshooterRequest(
+ PolicyTroubleshooter client, String method, String uriTemplate, Object content, Class responseClass) {
+ super(
+ client,
+ method,
+ uriTemplate,
+ content,
+ responseClass);
+ }
+
+ /** V1 error format. */
+ @com.google.api.client.util.Key("$.xgafv")
+ private java.lang.String $Xgafv;
+
+ /**
+ * V1 error format.
+ */
+ public java.lang.String get$Xgafv() {
+ return $Xgafv;
+ }
+
+ /** V1 error format. */
+ public PolicyTroubleshooterRequest set$Xgafv(java.lang.String $Xgafv) {
+ this.$Xgafv = $Xgafv;
+ return this;
+ }
+
+ /** OAuth access token. */
+ @com.google.api.client.util.Key("access_token")
+ private java.lang.String accessToken;
+
+ /**
+ * OAuth access token.
+ */
+ public java.lang.String getAccessToken() {
+ return accessToken;
+ }
+
+ /** OAuth access token. */
+ public PolicyTroubleshooterRequest setAccessToken(java.lang.String accessToken) {
+ this.accessToken = accessToken;
+ return this;
+ }
+
+ /** Data format for response. */
+ @com.google.api.client.util.Key
+ private java.lang.String alt;
+
+ /**
+ * Data format for response. [default: json]
+ */
+ public java.lang.String getAlt() {
+ return alt;
+ }
+
+ /** Data format for response. */
+ public PolicyTroubleshooterRequest setAlt(java.lang.String alt) {
+ this.alt = alt;
+ return this;
+ }
+
+ /** JSONP */
+ @com.google.api.client.util.Key
+ private java.lang.String callback;
+
+ /**
+ * JSONP
+ */
+ public java.lang.String getCallback() {
+ return callback;
+ }
+
+ /** JSONP */
+ public PolicyTroubleshooterRequest setCallback(java.lang.String callback) {
+ this.callback = callback;
+ return this;
+ }
+
+ /** Selector specifying which fields to include in a partial response. */
+ @com.google.api.client.util.Key
+ private java.lang.String fields;
+
+ /**
+ * Selector specifying which fields to include in a partial response.
+ */
+ public java.lang.String getFields() {
+ return fields;
+ }
+
+ /** Selector specifying which fields to include in a partial response. */
+ public PolicyTroubleshooterRequest setFields(java.lang.String fields) {
+ this.fields = fields;
+ return this;
+ }
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String key;
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ public java.lang.String getKey() {
+ return key;
+ }
+
+ /**
+ * API key. Your API key identifies your project and provides you with API access, quota, and
+ * reports. Required unless you provide an OAuth 2.0 token.
+ */
+ public PolicyTroubleshooterRequest setKey(java.lang.String key) {
+ this.key = key;
+ return this;
+ }
+
+ /** OAuth 2.0 token for the current user. */
+ @com.google.api.client.util.Key("oauth_token")
+ private java.lang.String oauthToken;
+
+ /**
+ * OAuth 2.0 token for the current user.
+ */
+ public java.lang.String getOauthToken() {
+ return oauthToken;
+ }
+
+ /** OAuth 2.0 token for the current user. */
+ public PolicyTroubleshooterRequest setOauthToken(java.lang.String oauthToken) {
+ this.oauthToken = oauthToken;
+ return this;
+ }
+
+ /** Returns response with indentations and line breaks. */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean prettyPrint;
+
+ /**
+ * Returns response with indentations and line breaks. [default: true]
+ */
+ public java.lang.Boolean getPrettyPrint() {
+ return prettyPrint;
+ }
+
+ /** Returns response with indentations and line breaks. */
+ public PolicyTroubleshooterRequest setPrettyPrint(java.lang.Boolean prettyPrint) {
+ this.prettyPrint = prettyPrint;
+ return this;
+ }
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String quotaUser;
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ public java.lang.String getQuotaUser() {
+ return quotaUser;
+ }
+
+ /**
+ * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+ * assigned to a user, but should not exceed 40 characters.
+ */
+ public PolicyTroubleshooterRequest setQuotaUser(java.lang.String quotaUser) {
+ this.quotaUser = quotaUser;
+ return this;
+ }
+
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+ @com.google.api.client.util.Key
+ private java.lang.String uploadType;
+
+ /**
+ * Legacy upload protocol for media (e.g. "media", "multipart").
+ */
+ public java.lang.String getUploadType() {
+ return uploadType;
+ }
+
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+ public PolicyTroubleshooterRequest setUploadType(java.lang.String uploadType) {
+ this.uploadType = uploadType;
+ return this;
+ }
+
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
+ @com.google.api.client.util.Key("upload_protocol")
+ private java.lang.String uploadProtocol;
+
+ /**
+ * Upload protocol for media (e.g. "raw", "multipart").
+ */
+ public java.lang.String getUploadProtocol() {
+ return uploadProtocol;
+ }
+
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
+ public PolicyTroubleshooterRequest setUploadProtocol(java.lang.String uploadProtocol) {
+ this.uploadProtocol = uploadProtocol;
+ return this;
+ }
+
+ @Override
+ public final PolicyTroubleshooter getAbstractGoogleClient() {
+ return (PolicyTroubleshooter) super.getAbstractGoogleClient();
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest setDisableGZipContent(boolean disableGZipContent) {
+ return (PolicyTroubleshooterRequest) super.setDisableGZipContent(disableGZipContent);
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest setRequestHeaders(com.google.api.client.http.HttpHeaders headers) {
+ return (PolicyTroubleshooterRequest) super.setRequestHeaders(headers);
+ }
+
+ @Override
+ public PolicyTroubleshooterRequest set(String parameterName, Object value) {
+ return (PolicyTroubleshooterRequest) super.set(parameterName, value);
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequestInitializer.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequestInitializer.java
new file mode 100644
index 00000000000..b374f2d33fe
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterRequestInitializer.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta;
+
+/**
+ * PolicyTroubleshooter request initializer for setting properties like key and userIp.
+ *
+ *
+ * The simplest usage is to use it to set the key parameter:
+ *
+ *
+ *
+ public static final GoogleClientRequestInitializer KEY_INITIALIZER =
+ new PolicyTroubleshooterRequestInitializer(KEY);
+ *
+ *
+ *
+ * There is also a constructor to set both the key and userIp parameters:
+ *
+ *
+ *
+ public static final GoogleClientRequestInitializer INITIALIZER =
+ new PolicyTroubleshooterRequestInitializer(KEY, USER_IP);
+ *
+ *
+ *
+ * If you want to implement custom logic, extend it like this:
+ *
+ *
+ * @since 1.12
+ */
+public class PolicyTroubleshooterRequestInitializer extends com.google.api.client.googleapis.services.json.CommonGoogleJsonClientRequestInitializer {
+
+ public PolicyTroubleshooterRequestInitializer() {
+ super();
+ }
+
+ /**
+ * @param key API key or {@code null} to leave it unchanged
+ */
+ public PolicyTroubleshooterRequestInitializer(String key) {
+ super(key);
+ }
+
+ /**
+ * @param key API key or {@code null} to leave it unchanged
+ * @param userIp user IP or {@code null} to leave it unchanged
+ */
+ public PolicyTroubleshooterRequestInitializer(String key, String userIp) {
+ super(key, userIp);
+ }
+
+ @Override
+ public final void initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest request) throws java.io.IOException {
+ super.initializeJsonRequest(request);
+ initializePolicyTroubleshooterRequest((PolicyTroubleshooterRequest) request);
+ }
+
+ /**
+ * Initializes PolicyTroubleshooter request.
+ *
+ *
+ * Default implementation does nothing. Called from
+ * {@link #initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest)}.
+ *
+ *
+ * @throws java.io.IOException I/O exception
+ */
+ protected void initializePolicyTroubleshooterRequest(PolicyTroubleshooterRequest request) throws java.io.IOException {
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterScopes.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterScopes.java
new file mode 100644
index 00000000000..b8e335e4592
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/PolicyTroubleshooterScopes.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta;
+
+/**
+ * Available OAuth 2.0 scopes for use with the Policy Troubleshooter API.
+ *
+ * @since 1.4
+ */
+public class PolicyTroubleshooterScopes {
+
+ /** See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.. */
+ public static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
+ /**
+ * Returns an unmodifiable set that contains all scopes declared by this class.
+ *
+ * @since 1.16
+ */
+ public static java.util.Set all() {
+ java.util.Set set = new java.util.HashSet();
+ set.add(CLOUD_PLATFORM);
+ return java.util.Collections.unmodifiableSet(set);
+ }
+
+ private PolicyTroubleshooterScopes() {
+ }
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAccessTuple.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAccessTuple.java
new file mode 100644
index 00000000000..65f3d241736
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAccessTuple.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Information about the principal, resource, and permission to check.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaAccessTuple extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionContext conditionContext;
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permission;
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permissionFqdn;
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String principal;
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext getConditionContext() {
+ return conditionContext;
+ }
+
+ /**
+ * Optional. Additional context for the request, such as the request time or IP address. This
+ * context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
+ * @param conditionContext conditionContext or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple setConditionContext(GoogleCloudPolicytroubleshooterIamV3betaConditionContext conditionContext) {
+ this.conditionContext = conditionContext;
+ return this;
+ }
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * Required. The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermission() {
+ return permission;
+ }
+
+ /**
+ * Required. The IAM permission to check for, either in the `v1` permission format or the `v2`
+ * permission format. For a complete list of IAM permissions in the `v1` format, see
+ * https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the
+ * `v2` format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete
+ * list of predefined IAM roles and the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @param permission permission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple setPermission(java.lang.String permission) {
+ this.permission = permission;
+ return this;
+ }
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermissionFqdn() {
+ return permissionFqdn;
+ }
+
+ /**
+ * Output only. The permission that Policy Troubleshooter checked for, in the `v2` format.
+ * @param permissionFqdn permissionFqdn or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple setPermissionFqdn(java.lang.String permissionFqdn) {
+ this.permissionFqdn = permissionFqdn;
+ return this;
+ }
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPrincipal() {
+ return principal;
+ }
+
+ /**
+ * Required. The email address of the principal whose access you want to check. For example,
+ * `alice@example.com` or `my-service-account@my-project.iam.gserviceaccount.com`. The principal
+ * must be a Google Account or a service account. Other types of principals are not supported.
+ * @param principal principal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple setPrincipal(java.lang.String principal) {
+ this.principal = principal;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAccessTuple) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAccessTuple) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation.java
new file mode 100644
index 00000000000..d590c470742
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation.java
@@ -0,0 +1,314 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a role binding in an allow policy affects a principal's ability to use a
+ * permission.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership combinedMembership;
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Condition evaluation state for this role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation;
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map memberships;
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String role;
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String rolePermission;
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String rolePermissionRelevance;
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this role binding_ gives the specified permission to the specified
+ * principal on the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission on the resource. There might be another role binding that overrides
+ * this role binding. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership getCombinedMembership() {
+ return combinedMembership;
+ }
+
+ /**
+ * The combined result of all memberships. Indicates if the principal is included in any role
+ * binding, either directly or indirectly.
+ * @param combinedMembership combinedMembership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setCombinedMembership(GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership combinedMembership) {
+ this.combinedMembership = combinedMembership;
+ return this;
+ }
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * A condition expression that specifies when the role binding grants access. To learn about IAM
+ * Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation getConditionExplanation() {
+ return conditionExplanation;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @param conditionExplanation conditionExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setConditionExplanation(GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation) {
+ this.conditionExplanation = conditionExplanation;
+ return this;
+ }
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getMemberships() {
+ return memberships;
+ }
+
+ /**
+ * Indicates whether each role binding includes the principal specified in the request, either
+ * directly or indirectly. Each key identifies a principal in the role binding, and each value
+ * indicates whether the principal in the role binding includes the principal in the request. For
+ * example, suppose that a role binding includes the following principals: *
+ * `user:alice@example.com` * `group:product-eng@example.com` You want to troubleshoot access for
+ * `user:bob@example.com`. This user is a member of the group `group:product-eng@example.com`. For
+ * the first principal in the role binding, the key is `user:alice@example.com`, and the
+ * `membership` field in the value is set to `NOT_INCLUDED`. For the second principal in the role
+ * binding, the key is `group:product-eng@example.com`, and the `membership` field in the value is
+ * set to `INCLUDED`.
+ * @param memberships memberships or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setMemberships(java.util.Map memberships) {
+ this.memberships = memberships;
+ return this;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRole() {
+ return role;
+ }
+
+ /**
+ * The role that this role binding grants. For example, `roles/compute.admin`. For a complete list
+ * of predefined IAM roles, as well as the permissions in each role, see
+ * https://cloud.google.com/iam/help/roles/reference.
+ * @param role role or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setRole(java.lang.String role) {
+ this.role = role;
+ return this;
+ }
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRolePermission() {
+ return rolePermission;
+ }
+
+ /**
+ * Indicates whether the role granted by this role binding contains the specified permission.
+ * @param rolePermission rolePermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setRolePermission(java.lang.String rolePermission) {
+ this.rolePermission = rolePermission;
+ return this;
+ }
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRolePermissionRelevance() {
+ return rolePermissionRelevance;
+ }
+
+ /**
+ * The relevance of the permission's existence, or nonexistence, in the role to the overall
+ * determination for the entire policy.
+ * @param rolePermissionRelevance rolePermissionRelevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation setRolePermissionRelevance(java.lang.String rolePermissionRelevance) {
+ this.rolePermissionRelevance = rolePermissionRelevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership.java
new file mode 100644
index 00000000000..b18cdca7a0f
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about whether the role binding includes the principal.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String membership;
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMembership() {
+ return membership;
+ }
+
+ /**
+ * Indicates whether the role binding includes the principal.
+ * @param membership membership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership setMembership(java.lang.String membership) {
+ this.membership = membership;
+ return this;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanationAnnotatedAllowMembership) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation.java
new file mode 100644
index 00000000000..36baf3cc538
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation.java
@@ -0,0 +1,133 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how the relevant IAM allow policies affect the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedPolicies;
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all applicable IAM allow policies.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedPolicies() {
+ return explainedPolicies;
+ }
+
+ /**
+ * List of IAM allow policies that were evaluated to check the principal's permissions, with
+ * annotations to indicate how each policy contributed to the final result. The list of policies
+ * includes the policy for the resource itself, as well as allow policies that are inherited from
+ * higher levels of the resource hierarchy, including the organization, the folder, and the
+ * project. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @param explainedPolicies explainedPolicies or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation setExplainedPolicies(java.util.List explainedPolicies) {
+ this.explainedPolicies = explainedPolicies;
+ return this;
+ }
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the allow policy type to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContext.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContext.java
new file mode 100644
index 00000000000..06f5dc1c741
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContext.java
@@ -0,0 +1,148 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Additional context for troubleshooting conditional role bindings and deny rules.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionContext extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer destination;
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List effectiveTags;
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest request;
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource resource;
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer getDestination() {
+ return destination;
+ }
+
+ /**
+ * The destination of a network activity, such as accepting a TCP connection. In a multi-hop
+ * network activity, the destination represents the receiver of the last hop.
+ * @param destination destination or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext setDestination(GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer destination) {
+ this.destination = destination;
+ return this;
+ }
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getEffectiveTags() {
+ return effectiveTags;
+ }
+
+ /**
+ * Output only. The effective tags on the resource. The effective tags are fetched during
+ * troubleshooting.
+ * @param effectiveTags effectiveTags or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext setEffectiveTags(java.util.List effectiveTags) {
+ this.effectiveTags = effectiveTags;
+ return this;
+ }
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest getRequest() {
+ return request;
+ }
+
+ /**
+ * Represents a network request, such as an HTTP request.
+ * @param request request or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext setRequest(GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest request) {
+ this.request = request;
+ return this;
+ }
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource getResource() {
+ return resource;
+ }
+
+ /**
+ * Represents a target resource that is involved with a network activity. If multiple resources
+ * are involved with an activity, this must be the primary one.
+ * @param resource resource or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext setResource(GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource resource) {
+ this.resource = resource;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContext) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContext clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContext) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag.java
new file mode 100644
index 00000000000..2db945d2728
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag.java
@@ -0,0 +1,214 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * A tag that applies to a resource during policy evaluation. Tags can be either directly bound to a
+ * resource or inherited from its ancestor. `EffectiveTag` contains the `name` and `namespaced_name`
+ * of the tag value and tag key, with additional fields of `inherited` to indicate the inheritance
+ * status of the effective tag.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean inherited;
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String namespacedTagKey;
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String namespacedTagValue;
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagKey;
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagKeyParentName;
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String tagValue;
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Boolean getInherited() {
+ return inherited;
+ }
+
+ /**
+ * Output only. Indicates the inheritance status of a tag value attached to the given resource. If
+ * the tag value is inherited from one of the resource's ancestors, inherited will be true. If
+ * false, then the tag value is directly attached to the resource, inherited will be false.
+ * @param inherited inherited or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setInherited(java.lang.Boolean inherited) {
+ this.inherited = inherited;
+ return this;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getNamespacedTagKey() {
+ return namespacedTagKey;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagKey. Can be in the form
+ * `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or
+ * `{project_number}/{tag_key_short_name}`.
+ * @param namespacedTagKey namespacedTagKey or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setNamespacedTagKey(java.lang.String namespacedTagKey) {
+ this.namespacedTagKey = namespacedTagKey;
+ return this;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getNamespacedTagValue() {
+ return namespacedTagValue;
+ }
+
+ /**
+ * Output only. The namespaced name of the TagValue. Can be in the form
+ * `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or
+ * `{project_number}/{tag_key_short_name}/{tag_value_short_name}`.
+ * @param namespacedTagValue namespacedTagValue or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setNamespacedTagValue(java.lang.String namespacedTagValue) {
+ this.namespacedTagValue = namespacedTagValue;
+ return this;
+ }
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagKey() {
+ return tagKey;
+ }
+
+ /**
+ * Output only. The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.
+ * @param tagKey tagKey or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setTagKey(java.lang.String tagKey) {
+ this.tagKey = tagKey;
+ return this;
+ }
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagKeyParentName() {
+ return tagKeyParentName;
+ }
+
+ /**
+ * The parent name of the tag key. Must be in the format `organizations/{organization_id}` or
+ * `projects/{project_number}`
+ * @param tagKeyParentName tagKeyParentName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setTagKeyParentName(java.lang.String tagKeyParentName) {
+ this.tagKeyParentName = tagKeyParentName;
+ return this;
+ }
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTagValue() {
+ return tagValue;
+ }
+
+ /**
+ * Output only. Resource name for TagValue in the format `tagValues/456`.
+ * @param tagValue tagValue or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag setTagValue(java.lang.String tagValue) {
+ this.tagValue = tagValue;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextEffectiveTag) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer.java
new file mode 100644
index 00000000000..a8b4d497860
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * This message defines attributes for a node that handles a network request. The node can be either
+ * a service or an application that sends, forwards, or receives the request. Service peers should
+ * fill in `principal` and `labels` as appropriate.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String ip;
+
+ /**
+ * The network port of the peer.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key @com.google.api.client.json.JsonString
+ private java.lang.Long port;
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getIp() {
+ return ip;
+ }
+
+ /**
+ * The IPv4 or IPv6 address of the peer.
+ * @param ip ip or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer setIp(java.lang.String ip) {
+ this.ip = ip;
+ return this;
+ }
+
+ /**
+ * The network port of the peer.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Long getPort() {
+ return port;
+ }
+
+ /**
+ * The network port of the peer.
+ * @param port port or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer setPort(java.lang.Long port) {
+ this.port = port;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextPeer) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest.java
new file mode 100644
index 00000000000..fa0b4145eda
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * This message defines attributes for an HTTP request. If the actual request is not an HTTP
+ * request, the runtime system should try to map the actual request to an equivalent HTTP request.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String receiveTime;
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * @return value or {@code null} for none
+ */
+ public String getReceiveTime() {
+ return receiveTime;
+ }
+
+ /**
+ * Optional. The timestamp when the destination service receives the first byte of the request.
+ * @param receiveTime receiveTime or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest setReceiveTime(String receiveTime) {
+ this.receiveTime = receiveTime;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextRequest) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource.java
new file mode 100644
index 00000000000..eecbf1d35b1
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Core attributes for a resource. A resource is an addressable (named) entity provided by the
+ * destination service. For example, a Compute Engine instance.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String service;
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String type;
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * The stable identifier (name) of a resource on the `service`. A resource can be logically
+ * identified as `//{resource.service}/{resource.name}`. Unlike the resource URI, the resource
+ * name doesn't contain any protocol and version information. For a list of full resource name
+ * formats, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names
+ * @param name name or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getService() {
+ return service;
+ }
+
+ /**
+ * The name of the service that this resource belongs to, such as `compute.googleapis.com`. The
+ * service name might not match the DNS hostname that actually serves the request. For a full list
+ * of resource service values, see https://cloud.google.com/iam/help/conditions/resource-services
+ * @param service service or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource setService(java.lang.String service) {
+ this.service = service;
+ return this;
+ }
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getType() {
+ return type;
+ }
+
+ /**
+ * The type of the resource, in the format `{service}/{kind}`. For a full list of resource type
+ * values, see https://cloud.google.com/iam/help/conditions/resource-types
+ * @param type type or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource setType(java.lang.String type) {
+ this.type = type;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionContextResource) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation.java
new file mode 100644
index 00000000000..55a8388ba9d
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Explanation for how a condition affects a principal's access
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List errors;
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List evaluationStates;
+
+ /**
+ * Value of the condition.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Object value;
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getErrors() {
+ return errors;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @param errors errors or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation setErrors(java.util.List errors) {
+ this.errors = errors;
+ return this;
+ }
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getEvaluationStates() {
+ return evaluationStates;
+ }
+
+ /**
+ * The value of each statement of the condition expression. The value can be `true`, `false`, or
+ * `null`. The value is `null` if the statement can't be evaluated.
+ * @param evaluationStates evaluationStates or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation setEvaluationStates(java.util.List evaluationStates) {
+ this.evaluationStates = evaluationStates;
+ return this;
+ }
+
+ /**
+ * Value of the condition.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Object getValue() {
+ return value;
+ }
+
+ /**
+ * Value of the condition.
+ * @param value value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation setValue(java.lang.Object value) {
+ this.value = value;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState.java
new file mode 100644
index 00000000000..12198b976e7
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState.java
@@ -0,0 +1,142 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Evaluated state of a condition expression.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState extends com.google.api.client.json.GenericJson {
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer end;
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List errors;
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer start;
+
+ /**
+ * Value of this expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Object value;
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getEnd() {
+ return end;
+ }
+
+ /**
+ * End position of an expression in the condition, by character, end included, for example: the
+ * end position of the first part of `a==b || c==d` would be 4.
+ * @param end end or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState setEnd(java.lang.Integer end) {
+ this.end = end;
+ return this;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getErrors() {
+ return errors;
+ }
+
+ /**
+ * Any errors that prevented complete evaluation of the condition expression.
+ * @param errors errors or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState setErrors(java.util.List errors) {
+ this.errors = errors;
+ return this;
+ }
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getStart() {
+ return start;
+ }
+
+ /**
+ * Start position of an expression in the condition, by character.
+ * @param start start or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState setStart(java.lang.Integer start) {
+ this.start = start;
+ return this;
+ }
+
+ /**
+ * Value of this expression.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Object getValue() {
+ return value;
+ }
+
+ /**
+ * Value of this expression.
+ * @param value value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState setValue(java.lang.Object value) {
+ this.value = value;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaConditionExplanationEvaluationState) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation.java
new file mode 100644
index 00000000000..26f6f0d63d6
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how the relevant IAM deny policies affect the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedResources;
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Boolean permissionDeniable;
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Indicates whether the principal is denied the specified permission for the specified resource,
+ * based on evaluating all applicable IAM deny policies.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedResources() {
+ return explainedResources;
+ }
+
+ /**
+ * List of resources with IAM deny policies that were evaluated to check the principal's denied
+ * permissions, with annotations to indicate how each policy contributed to the final result. The
+ * list of resources includes the policy for the resource itself, as well as policies that are
+ * inherited from higher levels of the resource hierarchy, including the organization, the folder,
+ * and the project. The order of the resources starts from the resource and climbs up the resource
+ * hierarchy. To learn more about the resource hierarchy, see
+ * https://cloud.google.com/iam/help/resource-hierarchy.
+ * @param explainedResources explainedResources or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation setExplainedResources(java.util.List explainedResources) {
+ this.explainedResources = explainedResources;
+ return this;
+ }
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Boolean getPermissionDeniable() {
+ return permissionDeniable;
+ }
+
+ /**
+ * Indicates whether the permission to troubleshoot is supported in deny policies.
+ * @param permissionDeniable permissionDeniable or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation setPermissionDeniable(java.lang.Boolean permissionDeniable) {
+ this.permissionDeniable = permissionDeniable;
+ return this;
+ }
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the deny policy result to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation.java
new file mode 100644
index 00000000000..eb71b9af818
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation.java
@@ -0,0 +1,388 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a deny rule in a deny policy affects a principal's ability to use a permission.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching combinedDeniedPermission;
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching combinedDeniedPrincipal;
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching combinedExceptionPermission;
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching combinedExceptionPrincipal;
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Condition evaluation state for this role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation;
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map deniedPermissions;
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map deniedPrincipals;
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map exceptionPermissions;
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map exceptionPrincipals;
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching getCombinedDeniedPermission() {
+ return combinedDeniedPermission;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as a denied permission in the deny
+ * rule.
+ * @param combinedDeniedPermission combinedDeniedPermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setCombinedDeniedPermission(GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching combinedDeniedPermission) {
+ this.combinedDeniedPermission = combinedDeniedPermission;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching getCombinedDeniedPrincipal() {
+ return combinedDeniedPrincipal;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param combinedDeniedPrincipal combinedDeniedPrincipal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setCombinedDeniedPrincipal(GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching combinedDeniedPrincipal) {
+ this.combinedDeniedPrincipal = combinedDeniedPrincipal;
+ return this;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching getCombinedExceptionPermission() {
+ return combinedExceptionPermission;
+ }
+
+ /**
+ * Indicates whether the permission in the request is listed as an exception permission in the
+ * deny rule.
+ * @param combinedExceptionPermission combinedExceptionPermission or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setCombinedExceptionPermission(GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching combinedExceptionPermission) {
+ this.combinedExceptionPermission = combinedExceptionPermission;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching getCombinedExceptionPrincipal() {
+ return combinedExceptionPrincipal;
+ }
+
+ /**
+ * Indicates whether the principal is listed as an exception principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param combinedExceptionPrincipal combinedExceptionPrincipal or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setCombinedExceptionPrincipal(GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching combinedExceptionPrincipal) {
+ this.combinedExceptionPrincipal = combinedExceptionPrincipal;
+ return this;
+ }
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * A condition expression that specifies when the deny rule denies the principal access. To learn
+ * about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation getConditionExplanation() {
+ return conditionExplanation;
+ }
+
+ /**
+ * Condition evaluation state for this role binding.
+ * @param conditionExplanation conditionExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setConditionExplanation(GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation) {
+ this.conditionExplanation = conditionExplanation;
+ return this;
+ }
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getDeniedPermissions() {
+ return deniedPermissions;
+ }
+
+ /**
+ * Lists all denied permissions in the deny rule and indicates whether each permission matches the
+ * permission in the request. Each key identifies a denied permission in the rule, and each value
+ * indicates whether the denied permission matches the permission in the request.
+ * @param deniedPermissions deniedPermissions or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setDeniedPermissions(java.util.Map deniedPermissions) {
+ this.deniedPermissions = deniedPermissions;
+ return this;
+ }
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getDeniedPrincipals() {
+ return deniedPrincipals;
+ }
+
+ /**
+ * Lists all denied principals in the deny rule and indicates whether each principal matches the
+ * principal in the request, either directly or through membership in a principal set. Each key
+ * identifies a denied principal in the rule, and each value indicates whether the denied
+ * principal matches the principal in the request.
+ * @param deniedPrincipals deniedPrincipals or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setDeniedPrincipals(java.util.Map deniedPrincipals) {
+ this.deniedPrincipals = deniedPrincipals;
+ return this;
+ }
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this rule_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal is
+ * actually denied on the permission for the resource. There might be another rule that overrides
+ * this rule. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getExceptionPermissions() {
+ return exceptionPermissions;
+ }
+
+ /**
+ * Lists all exception permissions in the deny rule and indicates whether each permission matches
+ * the permission in the request. Each key identifies a exception permission in the rule, and each
+ * value indicates whether the exception permission matches the permission in the request.
+ * @param exceptionPermissions exceptionPermissions or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setExceptionPermissions(java.util.Map exceptionPermissions) {
+ this.exceptionPermissions = exceptionPermissions;
+ return this;
+ }
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getExceptionPrincipals() {
+ return exceptionPrincipals;
+ }
+
+ /**
+ * Lists all exception principals in the deny rule and indicates whether each principal matches
+ * the principal in the request, either directly or through membership in a principal set. Each
+ * key identifies a exception principal in the rule, and each value indicates whether the
+ * exception principal matches the principal in the request.
+ * @param exceptionPrincipals exceptionPrincipals or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setExceptionPrincipals(java.util.Map exceptionPrincipals) {
+ this.exceptionPrincipals = exceptionPrincipals;
+ return this;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this role binding to the overall determination for the entire policy.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching.java
new file mode 100644
index 00000000000..5b39e83b202
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching.java
@@ -0,0 +1,95 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about whether the principal in the request is listed as a denied principal in the deny
+ * rule, either directly or through membership in a principal set.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String membership;
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMembership() {
+ return membership;
+ }
+
+ /**
+ * Indicates whether the principal is listed as a denied principal in the deny rule, either
+ * directly or through membership in a principal set.
+ * @param membership membership or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching setMembership(java.lang.String membership) {
+ this.membership = membership;
+ return this;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the principal's status to the overall determination for the role binding.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedDenyPrincipalMatching) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching.java
new file mode 100644
index 00000000000..b2c8c0fd137
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about whether the permission in the request is denied by the deny rule.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String permissionMatchingState;
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPermissionMatchingState() {
+ return permissionMatchingState;
+ }
+
+ /**
+ * Indicates whether the permission in the request is denied by the deny rule.
+ * @param permissionMatchingState permissionMatchingState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching setPermissionMatchingState(java.lang.String permissionMatchingState) {
+ this.permissionMatchingState = permissionMatchingState;
+ return this;
+ }
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the permission status to the overall determination for the rule.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanationAnnotatedPermissionMatching) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy.java
new file mode 100644
index 00000000000..957fce4b68b
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a specific IAM allow policy contributed to the final access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String allowAccessState;
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List bindingExplanations;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3betaAllowBindingExplanation.class);
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV1Policy policy;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getAllowAccessState() {
+ return allowAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ provides the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param allowAccessState allowAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy setAllowAccessState(java.lang.String allowAccessState) {
+ this.allowAccessState = allowAccessState;
+ return this;
+ }
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getBindingExplanations() {
+ return bindingExplanations;
+ }
+
+ /**
+ * Details about how each role binding in the policy affects the principal's ability, or
+ * inability, to use the permission for the resource. The order of the role bindings matches the
+ * role binding order in the policy. If the sender of the request does not have access to the
+ * policy, this field is omitted.
+ * @param bindingExplanations bindingExplanations or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy setBindingExplanations(java.util.List bindingExplanations) {
+ this.bindingExplanations = bindingExplanations;
+ return this;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV1Policy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * The IAM allow policy attached to the resource. If the sender of the request does not have
+ * access to the policy, this field is empty.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy setPolicy(GoogleIamV1Policy policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedAllowPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy.java
new file mode 100644
index 00000000000..b99dff5e5a8
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy.java
@@ -0,0 +1,172 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a specific IAM deny policy Policy contributed to the access check.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV2Policy policy;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List ruleExplanations;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3betaDenyRuleExplanation.class);
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether _this policy_ denies the specified permission to the specified
+ * principal for the specified resource. This field does _not_ indicate whether the principal
+ * actually has the permission for the resource. There might be another policy that overrides this
+ * policy. To determine whether the principal actually has the permission, use the
+ * `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV2Policy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * The IAM deny policy attached to the resource. If the sender of the request does not have access
+ * to the policy, this field is omitted.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy setPolicy(GoogleIamV2Policy policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getRuleExplanations() {
+ return ruleExplanations;
+ }
+
+ /**
+ * Details about how each rule in the policy affects the principal's inability to use the
+ * permission for the resource. The order of the deny rule matches the order of the rules in the
+ * deny policy. If the sender of the request does not have access to the policy, this field is
+ * omitted.
+ * @param ruleExplanations ruleExplanations or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy setRuleExplanations(java.util.List ruleExplanations) {
+ this.ruleExplanations = ruleExplanations;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource.java
new file mode 100644
index 00000000000..82e8d878c46
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource.java
@@ -0,0 +1,175 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a specific resource contributed to the deny policy evaluation.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String denyAccessState;
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedPolicies;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyPolicy.class);
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String fullResourceName;
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDenyAccessState() {
+ return denyAccessState;
+ }
+
+ /**
+ * Required. Indicates whether any policies attached to _this resource_ deny the specific
+ * permission to the specified principal for the specified resource. This field does _not_
+ * indicate whether the principal actually has the permission for the resource. There might be
+ * another policy that overrides this policy. To determine whether the principal actually has the
+ * permission, use the `overall_access_state` field in the TroubleshootIamPolicyResponse.
+ * @param denyAccessState denyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource setDenyAccessState(java.lang.String denyAccessState) {
+ this.denyAccessState = denyAccessState;
+ return this;
+ }
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedPolicies() {
+ return explainedPolicies;
+ }
+
+ /**
+ * List of IAM deny policies that were evaluated to check the principal's denied permissions, with
+ * annotations to indicate how each policy contributed to the final result.
+ * @param explainedPolicies explainedPolicies or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource setExplainedPolicies(java.util.List explainedPolicies) {
+ this.explainedPolicies = explainedPolicies;
+ return this;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getFullResourceName() {
+ return fullResourceName;
+ }
+
+ /**
+ * The full resource name that identifies the resource. For example,
+ * `//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance`. If
+ * the sender of the request does not have access to the policy, this field is omitted. For
+ * examples of full resource names for Google Cloud services, see
+ * https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
+ * @param fullResourceName fullResourceName or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource setFullResourceName(java.lang.String fullResourceName) {
+ this.fullResourceName = fullResourceName;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.
+ * If the sender of the request does not have access to the policy, this field is omitted.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedDenyResource) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy.java
new file mode 100644
index 00000000000..67d16fb1fb3
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a principal access boundary binding and policy contributes to the principal
+ * access boundary explanation, with annotations to indicate how the binding and policy contribute
+ * to the overall access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access the specified resource based
+ * on evaluating the binding and policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String bindingAndPolicyAccessState;
+
+ /**
+ * Optional. Details about how this policy contributes to the principal access boundary
+ * explanation, with annotations to indicate how the policy contributes to the overall access
+ * state. If the caller doesn't have permission to view the policy in the binding, this field is
+ * omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy explainedPolicy;
+
+ /**
+ * Details about how this binding contributes to the principal access boundary explanation, with
+ * annotations to indicate how the binding contributes to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding explainedPolicyBinding;
+
+ /**
+ * The relevance of this principal access boundary binding and policy to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access the specified resource based
+ * on evaluating the binding and policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getBindingAndPolicyAccessState() {
+ return bindingAndPolicyAccessState;
+ }
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access the specified resource based
+ * on evaluating the binding and policy.
+ * @param bindingAndPolicyAccessState bindingAndPolicyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy setBindingAndPolicyAccessState(java.lang.String bindingAndPolicyAccessState) {
+ this.bindingAndPolicyAccessState = bindingAndPolicyAccessState;
+ return this;
+ }
+
+ /**
+ * Optional. Details about how this policy contributes to the principal access boundary
+ * explanation, with annotations to indicate how the policy contributes to the overall access
+ * state. If the caller doesn't have permission to view the policy in the binding, this field is
+ * omitted.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy getExplainedPolicy() {
+ return explainedPolicy;
+ }
+
+ /**
+ * Optional. Details about how this policy contributes to the principal access boundary
+ * explanation, with annotations to indicate how the policy contributes to the overall access
+ * state. If the caller doesn't have permission to view the policy in the binding, this field is
+ * omitted.
+ * @param explainedPolicy explainedPolicy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy setExplainedPolicy(GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy explainedPolicy) {
+ this.explainedPolicy = explainedPolicy;
+ return this;
+ }
+
+ /**
+ * Details about how this binding contributes to the principal access boundary explanation, with
+ * annotations to indicate how the binding contributes to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding getExplainedPolicyBinding() {
+ return explainedPolicyBinding;
+ }
+
+ /**
+ * Details about how this binding contributes to the principal access boundary explanation, with
+ * annotations to indicate how the binding contributes to the overall access state.
+ * @param explainedPolicyBinding explainedPolicyBinding or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy setExplainedPolicyBinding(GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding explainedPolicyBinding) {
+ this.explainedPolicyBinding = explainedPolicyBinding;
+ return this;
+ }
+
+ /**
+ * The relevance of this principal access boundary binding and policy to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this principal access boundary binding and policy to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy.java
new file mode 100644
index 00000000000..7b09e1eb0f0
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy.java
@@ -0,0 +1,170 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a principal access boundary policy contributes to the explanation, with
+ * annotations to indicate how the policy contributes to the overall access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * List of principal access boundary rules that were explained to check the principal's access to
+ * specified resource, with annotations to indicate how each rule contributes to the overall
+ * access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedRules;
+
+ /**
+ * The policy that is explained.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV3PrincipalAccessBoundaryPolicy policy;
+
+ /**
+ * Output only. Indicates whether the policy allows access to the specified resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String policyAccessState;
+
+ /**
+ * Output only. Explanation of the principal access boundary policy's version.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion policyVersion;
+
+ /**
+ * The relevance of this policy to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * List of principal access boundary rules that were explained to check the principal's access to
+ * specified resource, with annotations to indicate how each rule contributes to the overall
+ * access state.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedRules() {
+ return explainedRules;
+ }
+
+ /**
+ * List of principal access boundary rules that were explained to check the principal's access to
+ * specified resource, with annotations to indicate how each rule contributes to the overall
+ * access state.
+ * @param explainedRules explainedRules or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy setExplainedRules(java.util.List explainedRules) {
+ this.explainedRules = explainedRules;
+ return this;
+ }
+
+ /**
+ * The policy that is explained.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy getPolicy() {
+ return policy;
+ }
+
+ /**
+ * The policy that is explained.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy setPolicy(GoogleIamV3PrincipalAccessBoundaryPolicy policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * Output only. Indicates whether the policy allows access to the specified resource.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPolicyAccessState() {
+ return policyAccessState;
+ }
+
+ /**
+ * Output only. Indicates whether the policy allows access to the specified resource.
+ * @param policyAccessState policyAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy setPolicyAccessState(java.lang.String policyAccessState) {
+ this.policyAccessState = policyAccessState;
+ return this;
+ }
+
+ /**
+ * Output only. Explanation of the principal access boundary policy's version.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion getPolicyVersion() {
+ return policyVersion;
+ }
+
+ /**
+ * Output only. Explanation of the principal access boundary policy's version.
+ * @param policyVersion policyVersion or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy setPolicyVersion(GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion policyVersion) {
+ this.policyVersion = policyVersion;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion.java
new file mode 100644
index 00000000000..171f41bba09
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a principal access boundary policy's version contributes to the policy's
+ * enforcement state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Output only. Indicates whether the policy is enforced based on its version.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String enforcementState;
+
+ /**
+ * Output only. The actual version of the policy. - If the policy uses static version, this field
+ * is the chosen static version. - If the policy uses dynamic version, this field is the effective
+ * latest version.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer version;
+
+ /**
+ * Output only. Indicates whether the policy is enforced based on its version.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEnforcementState() {
+ return enforcementState;
+ }
+
+ /**
+ * Output only. Indicates whether the policy is enforced based on its version.
+ * @param enforcementState enforcementState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion setEnforcementState(java.lang.String enforcementState) {
+ this.enforcementState = enforcementState;
+ return this;
+ }
+
+ /**
+ * Output only. The actual version of the policy. - If the policy uses static version, this field
+ * is the chosen static version. - If the policy uses dynamic version, this field is the effective
+ * latest version.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getVersion() {
+ return version;
+ }
+
+ /**
+ * Output only. The actual version of the policy. - If the policy uses static version, this field
+ * is the chosen static version. - If the policy uses dynamic version, this field is the effective
+ * latest version.
+ * @param version version or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion setVersion(java.lang.Integer version) {
+ this.version = version;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABPolicyVersion) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule.java
new file mode 100644
index 00000000000..f217ee9bef9
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule.java
@@ -0,0 +1,170 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a principal access boundary rule contributes to the explanation, with
+ * annotations to indicate how the rule contributes to the overall access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Output only. Indicates whether any resource of the rule is the specified resource or includes
+ * the specified resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String combinedResourceInclusionState;
+
+ /**
+ * Required. The effect of the rule which describes the access relationship.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String effect;
+
+ /**
+ * List of resources that were explained to check the principal's access to specified resource,
+ * with annotations to indicate how each resource contributes to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedResources;
+
+ /**
+ * The relevance of this rule to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Output only. Indicates whether the rule allows access to the specified resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String ruleAccessState;
+
+ /**
+ * Output only. Indicates whether any resource of the rule is the specified resource or includes
+ * the specified resource.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getCombinedResourceInclusionState() {
+ return combinedResourceInclusionState;
+ }
+
+ /**
+ * Output only. Indicates whether any resource of the rule is the specified resource or includes
+ * the specified resource.
+ * @param combinedResourceInclusionState combinedResourceInclusionState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule setCombinedResourceInclusionState(java.lang.String combinedResourceInclusionState) {
+ this.combinedResourceInclusionState = combinedResourceInclusionState;
+ return this;
+ }
+
+ /**
+ * Required. The effect of the rule which describes the access relationship.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEffect() {
+ return effect;
+ }
+
+ /**
+ * Required. The effect of the rule which describes the access relationship.
+ * @param effect effect or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule setEffect(java.lang.String effect) {
+ this.effect = effect;
+ return this;
+ }
+
+ /**
+ * List of resources that were explained to check the principal's access to specified resource,
+ * with annotations to indicate how each resource contributes to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedResources() {
+ return explainedResources;
+ }
+
+ /**
+ * List of resources that were explained to check the principal's access to specified resource,
+ * with annotations to indicate how each resource contributes to the overall access state.
+ * @param explainedResources explainedResources or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule setExplainedResources(java.util.List explainedResources) {
+ this.explainedResources = explainedResources;
+ return this;
+ }
+
+ /**
+ * The relevance of this rule to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this rule to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * Output only. Indicates whether the rule allows access to the specified resource.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRuleAccessState() {
+ return ruleAccessState;
+ }
+
+ /**
+ * Output only. Indicates whether the rule allows access to the specified resource.
+ * @param ruleAccessState ruleAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule setRuleAccessState(java.lang.String ruleAccessState) {
+ this.ruleAccessState = ruleAccessState;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource.java
new file mode 100644
index 00000000000..1b38d4abd00
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource.java
@@ -0,0 +1,125 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a resource contributes to the explanation, with annotations to indicate how the
+ * resource contributes to the overall access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The relevance of this resource to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * The [full resource name](https://cloud.google.com/iam/docs/full-resource-names) that identifies
+ * the resource that is explained. This can only be a project, a folder, or an organization which
+ * is what a PAB rule accepts.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String resource;
+
+ /**
+ * Output only. Indicates whether the resource is the specified resource or includes the specified
+ * resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String resourceInclusionState;
+
+ /**
+ * The relevance of this resource to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this resource to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ /**
+ * The [full resource name](https://cloud.google.com/iam/docs/full-resource-names) that identifies
+ * the resource that is explained. This can only be a project, a folder, or an organization which
+ * is what a PAB rule accepts.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getResource() {
+ return resource;
+ }
+
+ /**
+ * The [full resource name](https://cloud.google.com/iam/docs/full-resource-names) that identifies
+ * the resource that is explained. This can only be a project, a folder, or an organization which
+ * is what a PAB rule accepts.
+ * @param resource resource or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource setResource(java.lang.String resource) {
+ this.resource = resource;
+ return this;
+ }
+
+ /**
+ * Output only. Indicates whether the resource is the specified resource or includes the specified
+ * resource.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getResourceInclusionState() {
+ return resourceInclusionState;
+ }
+
+ /**
+ * Output only. Indicates whether the resource is the specified resource or includes the specified
+ * resource.
+ * @param resourceInclusionState resourceInclusionState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource setResourceInclusionState(java.lang.String resourceInclusionState) {
+ this.resourceInclusionState = resourceInclusionState;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPABRuleExplainedResource) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding.java
new file mode 100644
index 00000000000..b968b349d2a
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how a policy binding contributes to the policy explanation, with annotations to
+ * indicate how the policy binding contributes to the overall access state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. Explanation of the condition in the policy binding. If the policy binding doesn't
+ * have a condition, this field is omitted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation;
+
+ /**
+ * The policy binding that is explained.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV3PolicyBinding policyBinding;
+
+ /**
+ * Output only. Indicates whether the policy binding takes effect.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String policyBindingState;
+
+ /**
+ * The relevance of this policy binding to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * Optional. Explanation of the condition in the policy binding. If the policy binding doesn't
+ * have a condition, this field is omitted.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation getConditionExplanation() {
+ return conditionExplanation;
+ }
+
+ /**
+ * Optional. Explanation of the condition in the policy binding. If the policy binding doesn't
+ * have a condition, this field is omitted.
+ * @param conditionExplanation conditionExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding setConditionExplanation(GoogleCloudPolicytroubleshooterIamV3betaConditionExplanation conditionExplanation) {
+ this.conditionExplanation = conditionExplanation;
+ return this;
+ }
+
+ /**
+ * The policy binding that is explained.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding getPolicyBinding() {
+ return policyBinding;
+ }
+
+ /**
+ * The policy binding that is explained.
+ * @param policyBinding policyBinding or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding setPolicyBinding(GoogleIamV3PolicyBinding policyBinding) {
+ this.policyBinding = policyBinding;
+ return this;
+ }
+
+ /**
+ * Output only. Indicates whether the policy binding takes effect.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPolicyBindingState() {
+ return policyBindingState;
+ }
+
+ /**
+ * Output only. Indicates whether the policy binding takes effect.
+ * @param policyBindingState policyBindingState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding setPolicyBindingState(java.lang.String policyBindingState) {
+ this.policyBindingState = policyBindingState;
+ return this;
+ }
+
+ /**
+ * The relevance of this policy binding to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of this policy binding to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaExplainedPolicyBinding) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation.java
new file mode 100644
index 00000000000..5da36b410b3
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation.java
@@ -0,0 +1,131 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Details about how the relevant principal access boundary policies affect the overall access
+ * state.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation extends com.google.api.client.json.GenericJson {
+
+ /**
+ * List of principal access boundary policies and bindings that are applicable to the principal's
+ * access state, with annotations to indicate how each binding and policy contributes to the
+ * overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List explainedBindingsAndPolicies;
+
+ static {
+ // hack to force ProGuard to consider GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleCloudPolicytroubleshooterIamV3betaExplainedPABBindingAndPolicy.class);
+ }
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access specified resource, based on
+ * evaluating all applicable principal access boundary bindings and policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String principalAccessBoundaryAccessState;
+
+ /**
+ * The relevance of the principal access boundary access state to the overall access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String relevance;
+
+ /**
+ * List of principal access boundary policies and bindings that are applicable to the principal's
+ * access state, with annotations to indicate how each binding and policy contributes to the
+ * overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExplainedBindingsAndPolicies() {
+ return explainedBindingsAndPolicies;
+ }
+
+ /**
+ * List of principal access boundary policies and bindings that are applicable to the principal's
+ * access state, with annotations to indicate how each binding and policy contributes to the
+ * overall access state.
+ * @param explainedBindingsAndPolicies explainedBindingsAndPolicies or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation setExplainedBindingsAndPolicies(java.util.List explainedBindingsAndPolicies) {
+ this.explainedBindingsAndPolicies = explainedBindingsAndPolicies;
+ return this;
+ }
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access specified resource, based on
+ * evaluating all applicable principal access boundary bindings and policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPrincipalAccessBoundaryAccessState() {
+ return principalAccessBoundaryAccessState;
+ }
+
+ /**
+ * Output only. Indicates whether the principal is allowed to access specified resource, based on
+ * evaluating all applicable principal access boundary bindings and policies.
+ * @param principalAccessBoundaryAccessState principalAccessBoundaryAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation setPrincipalAccessBoundaryAccessState(java.lang.String principalAccessBoundaryAccessState) {
+ this.principalAccessBoundaryAccessState = principalAccessBoundaryAccessState;
+ return this;
+ }
+
+ /**
+ * The relevance of the principal access boundary access state to the overall access state.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRelevance() {
+ return relevance;
+ }
+
+ /**
+ * The relevance of the principal access boundary access state to the overall access state.
+ * @param relevance relevance or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation setRelevance(java.lang.String relevance) {
+ this.relevance = relevance;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest.java
new file mode 100644
index 00000000000..2a456dfcc14
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Request for TroubleshootIamPolicy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaAccessTuple accessTuple;
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple getAccessTuple() {
+ return accessTuple;
+ }
+
+ /**
+ * The information to use for checking whether a principal has a permission for a resource.
+ * @param accessTuple accessTuple or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest setAccessTuple(GoogleCloudPolicytroubleshooterIamV3betaAccessTuple accessTuple) {
+ this.accessTuple = accessTuple;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyRequest) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse.java
new file mode 100644
index 00000000000..f2eb399bebe
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse.java
@@ -0,0 +1,172 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Response for TroubleshootIamPolicy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaAccessTuple accessTuple;
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation allowPolicyExplanation;
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation denyPolicyExplanation;
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String overallAccessState;
+
+ /**
+ * An explanation of how the applicable principal access boundary policies affect the final access
+ * state.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation pabPolicyExplanation;
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAccessTuple getAccessTuple() {
+ return accessTuple;
+ }
+
+ /**
+ * The access tuple from the request, including any provided context used to evaluate the
+ * condition.
+ * @param accessTuple accessTuple or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse setAccessTuple(GoogleCloudPolicytroubleshooterIamV3betaAccessTuple accessTuple) {
+ this.accessTuple = accessTuple;
+ return this;
+ }
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation getAllowPolicyExplanation() {
+ return allowPolicyExplanation;
+ }
+
+ /**
+ * An explanation of how the applicable IAM allow policies affect the final access state.
+ * @param allowPolicyExplanation allowPolicyExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse setAllowPolicyExplanation(GoogleCloudPolicytroubleshooterIamV3betaAllowPolicyExplanation allowPolicyExplanation) {
+ this.allowPolicyExplanation = allowPolicyExplanation;
+ return this;
+ }
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation getDenyPolicyExplanation() {
+ return denyPolicyExplanation;
+ }
+
+ /**
+ * An explanation of how the applicable IAM deny policies affect the final access state.
+ * @param denyPolicyExplanation denyPolicyExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse setDenyPolicyExplanation(GoogleCloudPolicytroubleshooterIamV3betaDenyPolicyExplanation denyPolicyExplanation) {
+ this.denyPolicyExplanation = denyPolicyExplanation;
+ return this;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getOverallAccessState() {
+ return overallAccessState;
+ }
+
+ /**
+ * Indicates whether the principal has the specified permission for the specified resource, based
+ * on evaluating all types of the applicable IAM policies.
+ * @param overallAccessState overallAccessState or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse setOverallAccessState(java.lang.String overallAccessState) {
+ this.overallAccessState = overallAccessState;
+ return this;
+ }
+
+ /**
+ * An explanation of how the applicable principal access boundary policies affect the final access
+ * state.
+ * @return value or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation getPabPolicyExplanation() {
+ return pabPolicyExplanation;
+ }
+
+ /**
+ * An explanation of how the applicable principal access boundary policies affect the final access
+ * state.
+ * @param pabPolicyExplanation pabPolicyExplanation or {@code null} for none
+ */
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse setPabPolicyExplanation(GoogleCloudPolicytroubleshooterIamV3betaPABPolicyExplanation pabPolicyExplanation) {
+ this.pabPolicyExplanation = pabPolicyExplanation;
+ return this;
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse set(String fieldName, Object value) {
+ return (GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse clone() {
+ return (GoogleCloudPolicytroubleshooterIamV3betaTroubleshootIamPolicyResponse) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditConfig.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditConfig.java
new file mode 100644
index 00000000000..7787ecd0b97
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditConfig.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Specifies the audit configuration for a service. The configuration determines which permission
+ * types are logged, and what identities, if any, are exempted from logging. An AuditConfig must
+ * have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific
+ * service, the union of the two AuditConfigs is used for that service: the log_types specified in
+ * each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.
+ * Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
+ * "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ]
+ * }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service":
+ * "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
+ * "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this
+ * policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com`
+ * from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1AuditConfig extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The configuration for logging of each type of permission.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List auditLogConfigs;
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String service;
+
+ /**
+ * The configuration for logging of each type of permission.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getAuditLogConfigs() {
+ return auditLogConfigs;
+ }
+
+ /**
+ * The configuration for logging of each type of permission.
+ * @param auditLogConfigs auditLogConfigs or {@code null} for none
+ */
+ public GoogleIamV1AuditConfig setAuditLogConfigs(java.util.List auditLogConfigs) {
+ this.auditLogConfigs = auditLogConfigs;
+ return this;
+ }
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getService() {
+ return service;
+ }
+
+ /**
+ * Specifies a service that will be enabled for audit logging. For example,
+ * `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that
+ * covers all services.
+ * @param service service or {@code null} for none
+ */
+ public GoogleIamV1AuditConfig setService(java.lang.String service) {
+ this.service = service;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1AuditConfig set(String fieldName, Object value) {
+ return (GoogleIamV1AuditConfig) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1AuditConfig clone() {
+ return (GoogleIamV1AuditConfig) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditLogConfig.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditLogConfig.java
new file mode 100644
index 00000000000..084e24465fb
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1AuditLogConfig.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ {
+ * "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type":
+ * "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
+ * jose@example.com from DATA_READ logging.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1AuditLogConfig extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exemptedMembers;
+
+ /**
+ * The log type that this config enables.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String logType;
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExemptedMembers() {
+ return exemptedMembers;
+ }
+
+ /**
+ * Specifies the identities that do not cause logging for this type of permission. Follows the
+ * same format of Binding.members.
+ * @param exemptedMembers exemptedMembers or {@code null} for none
+ */
+ public GoogleIamV1AuditLogConfig setExemptedMembers(java.util.List exemptedMembers) {
+ this.exemptedMembers = exemptedMembers;
+ return this;
+ }
+
+ /**
+ * The log type that this config enables.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getLogType() {
+ return logType;
+ }
+
+ /**
+ * The log type that this config enables.
+ * @param logType logType or {@code null} for none
+ */
+ public GoogleIamV1AuditLogConfig setLogType(java.lang.String logType) {
+ this.logType = logType;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1AuditLogConfig set(String fieldName, Object value) {
+ return (GoogleIamV1AuditLogConfig) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1AuditLogConfig clone() {
+ return (GoogleIamV1AuditLogConfig) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Binding.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Binding.java
new file mode 100644
index 00000000000..bba0a73ff4d
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Binding.java
@@ -0,0 +1,271 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Associates `members`, or principals, with a `role`.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1Binding extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List members;
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String role;
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then
+ * this binding applies to the current request. If the condition evaluates to `false`, then this
+ * binding does not apply to the current request. However, a different role binding might grant
+ * the same role to one or more of the principals in this binding. To learn which resources
+ * support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleIamV1Binding setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getMembers() {
+ return members;
+ }
+
+ /**
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the
+ * following values: * `allUsers`: A special identifier that represents anyone who is on the
+ * internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier
+ * that represents anyone who is authenticated with a Google account or a service account. Does
+ * not include identities that come from external identity providers (IdPs) through identity
+ * federation. * `user:{emailid}`: An email address that represents a specific Google account. For
+ * example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a
+ * Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. *
+ * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a
+ * [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-
+ * service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
+ * `group:{emailid}`: An email address that represents a Google group. For example,
+ * `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the
+ * users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis
+ * .com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
+ * unique identifier) representing a user that has been recently deleted. For example,
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to
+ * `user:{emailid}` and the recovered user retains the role in the binding. *
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier)
+ * representing a service account that has been recently deleted. For example, `my-other-
+ * app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is
+ * undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account
+ * retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address
+ * (plus unique identifier) representing a Google group that has been recently deleted. For
+ * example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value
+ * reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `delete
+ * d:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_att
+ * ribute_value}`: Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @param members members or {@code null} for none
+ */
+ public GoogleIamV1Binding setMembers(java.util.List members) {
+ this.members = members;
+ return this;
+ }
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getRole() {
+ return role;
+ }
+
+ /**
+ * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`,
+ * `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the
+ * [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the
+ * available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
+ * @param role role or {@code null} for none
+ */
+ public GoogleIamV1Binding setRole(java.lang.String role) {
+ this.role = role;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1Binding set(String fieldName, Object value) {
+ return (GoogleIamV1Binding) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1Binding clone() {
+ return (GoogleIamV1Binding) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Policy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Policy.java
new file mode 100644
index 00000000000..0d4358e55aa
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV1Policy.java
@@ -0,0 +1,292 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud
+ * resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or
+ * principals, to a single `role`. Principals can be user accounts, service accounts, Google groups,
+ * and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM
+ * predefined role or a user-created custom role. For some types of Google Cloud resources, a
+ * `binding` can also specify a `condition`, which is a logical expression that allows access to a
+ * resource only if the expression evaluates to `true`. A condition can add constraints based on
+ * attributes of the request, the resource, or both. To learn which resources support conditions in
+ * their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:**
+ * ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [
+ * "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-
+ * project-id@appspot.gserviceaccount.com" ] }, { "role":
+ * "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
+ * "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression":
+ * "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version":
+ * 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com -
+ * group:admins@example.com - domain:google.com - serviceAccount:my-project-
+ * id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
+ * user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
+ * access description: Does not grant access after Sep 2020 expression: request.time <
+ * timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM
+ * and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV1Policy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List auditConfigs;
+
+ static {
+ // hack to force ProGuard to consider GoogleIamV1AuditConfig used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleIamV1AuditConfig.class);
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List bindings;
+
+ static {
+ // hack to force ProGuard to consider GoogleIamV1Binding used, since otherwise it would be stripped out
+ // see https://github.com/google/google-api-java-client/issues/543
+ com.google.api.client.util.Data.nullOf(GoogleIamV1Binding.class);
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer version;
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getAuditConfigs() {
+ return auditConfigs;
+ }
+
+ /**
+ * Specifies cloud audit logging configuration for this policy.
+ * @param auditConfigs auditConfigs or {@code null} for none
+ */
+ public GoogleIamV1Policy setAuditConfigs(java.util.List auditConfigs) {
+ this.auditConfigs = auditConfigs;
+ return this;
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getBindings() {
+ return bindings;
+ }
+
+ /**
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a
+ * `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500
+ * principals; up to 250 of these principals can be Google groups. Each occurrence of a principal
+ * counts towards these limits. For example, if the `bindings` grant 50 different roles to
+ * `user:alice@example.com`, and not to any other principal, then you can add another 1,450
+ * principals to the `bindings` in the `Policy`.
+ * @param bindings bindings or {@code null} for none
+ */
+ public GoogleIamV1Policy setBindings(java.util.List bindings) {
+ this.bindings = bindings;
+ return this;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #decodeEtag()
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #getEtag()
+ * @return Base64 decoded value or {@code null} for none
+ *
+ * @since 1.14
+ */
+ public byte[] decodeEtag() {
+ return com.google.api.client.util.Base64.decodeBase64(etag);
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #encodeEtag()
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV1Policy setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates
+ * of a policy from overwriting each other. It is strongly suggested that systems make use of the
+ * `etag` in the read-modify-write cycle to perform policy updates in order to avoid race
+ * conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected
+ * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
+ * to the same version of the policy. **Important:** If you use IAM Conditions, you must include
+ * the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+ * to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the
+ * version `3` policy are lost.
+ * @see #setEtag()
+ *
+ *
+ * The value is encoded Base64 or {@code null} for none.
+ *
+ *
+ * @since 1.14
+ */
+ public GoogleIamV1Policy encodeEtag(byte[] etag) {
+ this.etag = com.google.api.client.util.Base64.encodeBase64URLSafeString(etag);
+ return this;
+ }
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getVersion() {
+ return version;
+ }
+
+ /**
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify
+ * an invalid value are rejected. Any operation that affects conditional role bindings must
+ * specify version `3`. This requirement applies to the following operations: * Getting a policy
+ * that includes a conditional role binding * Adding a conditional role binding to a policy *
+ * Changing a conditional role binding in a policy * Removing any role binding, with or without a
+ * condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you
+ * must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then
+ * IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the
+ * conditions in the version `3` policy are lost. If a policy does not include any conditions,
+ * operations on that policy may specify any valid version or leave the field unset. To learn
+ * which resources support conditions in their IAM policies, see the [IAM
+ * documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+ * @param version version or {@code null} for none
+ */
+ public GoogleIamV1Policy setVersion(java.lang.Integer version) {
+ this.version = version;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV1Policy set(String fieldName, Object value) {
+ return (GoogleIamV1Policy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV1Policy clone() {
+ return (GoogleIamV1Policy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2DenyRule.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2DenyRule.java
new file mode 100644
index 00000000000..5c786f7f6ca
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2DenyRule.java
@@ -0,0 +1,352 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * A deny rule in an IAM deny policy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2DenyRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr denialCondition;
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List deniedPermissions;
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List deniedPrincipals;
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exceptionPermissions;
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List exceptionPrincipals;
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getDenialCondition() {
+ return denialCondition;
+ }
+
+ /**
+ * The condition that determines whether this deny rule applies to a request. If the condition
+ * expression evaluates to `true`, then the deny rule is applied; otherwise, the deny rule is not
+ * applied. Each deny rule is evaluated independently. If this deny rule does not apply to a
+ * request, other deny rules might still apply. The condition can use CEL functions that evaluate
+ * [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags). Other functions
+ * and operators are not supported.
+ * @param denialCondition denialCondition or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDenialCondition(GoogleTypeExpr denialCondition) {
+ this.denialCondition = denialCondition;
+ return this;
+ }
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getDeniedPermissions() {
+ return deniedPermissions;
+ }
+
+ /**
+ * The permissions that are explicitly denied by this rule. Each permission uses the format
+ * `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name
+ * for the service. For example, `iam.googleapis.com/roles.list`.
+ * @param deniedPermissions deniedPermissions or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDeniedPermissions(java.util.List deniedPermissions) {
+ this.deniedPermissions = deniedPermissions;
+ return this;
+ }
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getDeniedPrincipals() {
+ return deniedPrincipals;
+ }
+
+ /**
+ * The identities that are prevented from using one or more permissions on Google Cloud resources.
+ * This field can contain the following values: * `principal://goog/subject/{email_id}`: A
+ * specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts.
+ * For example, `principal://goog/subject/alice@example.com`. *
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google
+ * Cloud service account. For example,
+ * `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For
+ * example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/public:all`: A
+ * special identifier that represents any principal that is on the internet, even if they do not
+ * have a Google Account or are not logged in. *
+ * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated
+ * with the specified Google Workspace or Cloud Identity customer ID. For example,
+ * `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * `principal://iam.googleapis.com/locat
+ * ions/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a
+ * workforce identity pool. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
+ * All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/work
+ * forcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities
+ * with a specific attribute value. *
+ * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}`: All identities
+ * in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locat
+ * ions/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
+ * identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_nu
+ * mber}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity
+ * pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/wor
+ * kloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a
+ * workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/
+ * {project_number}/locations/global/workloadIdentityPools/{pool_id}`: All identities in a
+ * workload identity pool. * `principalSet://cloudresourcemanager.googleapis.com/[projects|folders
+ * |organizations]/{project_number|folder_number|org_number}/type/ServiceAccount`: All service
+ * accounts grouped under a resource (project, folder, or organization). * `principalSet://cloudre
+ * sourcemanager.googleapis.com/[projects|folders|organizations]/{project_number|folder_number|org
+ * _number}/type/ServiceAgent`: All service agents grouped under a resource (project, folder, or
+ * organization). * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google
+ * Account that was deleted recently. For example,
+ * `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is
+ * recovered, this identifier reverts to the standard identifier for a Google Account. *
+ * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted
+ * recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`.
+ * If the Google group is restored, this identifier reverts to the standard identifier for a
+ * Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_acc
+ * ount_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example,
+ * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-
+ * account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this
+ * identifier reverts to the standard identifier for a service account. * `deleted:principal://iam
+ * .googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
+ * Deleted single identity in a workforce identity pool. For example,
+ * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-
+ * subject-attribute-value`.
+ * @param deniedPrincipals deniedPrincipals or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setDeniedPrincipals(java.util.List deniedPrincipals) {
+ this.deniedPrincipals = deniedPrincipals;
+ return this;
+ }
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExceptionPermissions() {
+ return exceptionPermissions;
+ }
+
+ /**
+ * Specifies the permissions that this rule excludes from the set of denied permissions given by
+ * `denied_permissions`. If a permission appears in `denied_permissions` _and_ in
+ * `exception_permissions` then it will _not_ be denied. The excluded permissions can be specified
+ * using the same syntax as `denied_permissions`.
+ * @param exceptionPermissions exceptionPermissions or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setExceptionPermissions(java.util.List exceptionPermissions) {
+ this.exceptionPermissions = exceptionPermissions;
+ return this;
+ }
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getExceptionPrincipals() {
+ return exceptionPrincipals;
+ }
+
+ /**
+ * The identities that are excluded from the deny rule, even if they are listed in the
+ * `denied_principals`. For example, you could add a Google group to the `denied_principals`, then
+ * exclude specific users who belong to that group. This field can contain the same values as the
+ * `denied_principals` field, excluding `principalSet://goog/public:all`, which represents all
+ * users on the internet.
+ * @param exceptionPrincipals exceptionPrincipals or {@code null} for none
+ */
+ public GoogleIamV2DenyRule setExceptionPrincipals(java.util.List exceptionPrincipals) {
+ this.exceptionPrincipals = exceptionPrincipals;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2DenyRule set(String fieldName, Object value) {
+ return (GoogleIamV2DenyRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2DenyRule clone() {
+ return (GoogleIamV2DenyRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2Policy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2Policy.java
new file mode 100644
index 00000000000..47fa5da1c7d
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2Policy.java
@@ -0,0 +1,316 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Data for an IAM policy.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2Policy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map annotations;
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String createTime;
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String deleteTime;
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String displayName;
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String kind;
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List rules;
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String uid;
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String updateTime;
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getAnnotations() {
+ return annotations;
+ }
+
+ /**
+ * A key-value map to store arbitrary metadata for the `Policy`. Keys can be up to 63 characters.
+ * Values can be up to 255 characters.
+ * @param annotations annotations or {@code null} for none
+ */
+ public GoogleIamV2Policy setAnnotations(java.util.Map annotations) {
+ this.annotations = annotations;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * @return value or {@code null} for none
+ */
+ public String getCreateTime() {
+ return createTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was created.
+ * @param createTime createTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setCreateTime(String createTime) {
+ this.createTime = createTime;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * @return value or {@code null} for none
+ */
+ public String getDeleteTime() {
+ return deleteTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was deleted. Empty if the policy is not deleted.
+ * @param deleteTime deleteTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setDeleteTime(String deleteTime) {
+ this.deleteTime = deleteTime;
+ return this;
+ }
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDisplayName() {
+ return displayName;
+ }
+
+ /**
+ * A user-specified description of the `Policy`. This value can be up to 63 characters.
+ * @param displayName displayName or {@code null} for none
+ */
+ public GoogleIamV2Policy setDisplayName(java.lang.String displayName) {
+ this.displayName = displayName;
+ return this;
+ }
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * An opaque tag that identifies the current version of the `Policy`. IAM uses this value to help
+ * manage concurrent updates, so they do not cause one update to be overwritten by another. If
+ * this field is present in a CreatePolicyRequest, the value is ignored.
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV2Policy setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getKind() {
+ return kind;
+ }
+
+ /**
+ * Output only. The kind of the `Policy`. Always contains the value `DenyPolicy`.
+ * @param kind kind or {@code null} for none
+ */
+ public GoogleIamV2Policy setKind(java.lang.String kind) {
+ this.kind = kind;
+ return this;
+ }
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * Immutable. The resource name of the `Policy`, which must be unique. Format:
+ * `policies/{attachment_point}/denypolicies/{policy_id}` The attachment point is identified by
+ * its URL-encoded full resource name, which means that the forward-slash character, `/`, must be
+ * written as `%2F`. For example, `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-
+ * project/denypolicies/my-deny-policy`. For organizations and folders, use the numeric ID in the
+ * full resource name. For projects, requests can use the alphanumeric or the numeric ID.
+ * Responses always contain the numeric ID.
+ * @param name name or {@code null} for none
+ */
+ public GoogleIamV2Policy setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getRules() {
+ return rules;
+ }
+
+ /**
+ * A list of rules that specify the behavior of the `Policy`. All of the rules should be of the
+ * `kind` specified in the `Policy`.
+ * @param rules rules or {@code null} for none
+ */
+ public GoogleIamV2Policy setRules(java.util.List rules) {
+ this.rules = rules;
+ return this;
+ }
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getUid() {
+ return uid;
+ }
+
+ /**
+ * Immutable. The globally unique ID of the `Policy`. Assigned automatically when the `Policy` is
+ * created.
+ * @param uid uid or {@code null} for none
+ */
+ public GoogleIamV2Policy setUid(java.lang.String uid) {
+ this.uid = uid;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * @return value or {@code null} for none
+ */
+ public String getUpdateTime() {
+ return updateTime;
+ }
+
+ /**
+ * Output only. The time when the `Policy` was last updated.
+ * @param updateTime updateTime or {@code null} for none
+ */
+ public GoogleIamV2Policy setUpdateTime(String updateTime) {
+ this.updateTime = updateTime;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2Policy set(String fieldName, Object value) {
+ return (GoogleIamV2Policy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2Policy clone() {
+ return (GoogleIamV2Policy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2PolicyRule.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2PolicyRule.java
new file mode 100644
index 00000000000..1f601a47dc2
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV2PolicyRule.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * A single rule in a `Policy`.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV2PolicyRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * A rule for a deny policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV2DenyRule denyRule;
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String description;
+
+ /**
+ * A rule for a deny policy.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV2DenyRule getDenyRule() {
+ return denyRule;
+ }
+
+ /**
+ * A rule for a deny policy.
+ * @param denyRule denyRule or {@code null} for none
+ */
+ public GoogleIamV2PolicyRule setDenyRule(GoogleIamV2DenyRule denyRule) {
+ this.denyRule = denyRule;
+ return this;
+ }
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDescription() {
+ return description;
+ }
+
+ /**
+ * A user-specified description of the rule. This value can be up to 256 characters.
+ * @param description description or {@code null} for none
+ */
+ public GoogleIamV2PolicyRule setDescription(java.lang.String description) {
+ this.description = description;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV2PolicyRule set(String fieldName, Object value) {
+ return (GoogleIamV2PolicyRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV2PolicyRule clone() {
+ return (GoogleIamV2PolicyRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBinding.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBinding.java
new file mode 100644
index 00000000000..f490a7d36b0
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBinding.java
@@ -0,0 +1,409 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * IAM policy binding resource.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV3PolicyBinding extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map annotations;
+
+ /**
+ * Optional. The condition to apply to the policy binding. When set, the `expression` field in the
+ * `Expr` must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical
+ * AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters. The condition
+ * is currently only supported when bound to policies of kind principal access boundary. When the
+ * bound policy is a principal access boundary policy, the only supported attributes in any
+ * subexpression are `principal.type` and `principal.subject`. An example expression is:
+ * "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
+ * 'bob@example.com'". Allowed operations for `principal.subject`: - `principal.subject == ` -
+ * `principal.subject != ` - `principal.subject in []` - `principal.subject.startsWith()` -
+ * `principal.subject.endsWith()` Allowed operations for `principal.type`: - `principal.type == `
+ * - `principal.type != ` - `principal.type in []` Supported principal types are Workspace,
+ * Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: -
+ * iam.googleapis.com/WorkspaceIdentity - iam.googleapis.com/WorkforcePoolIdentity -
+ * iam.googleapis.com/WorkloadPoolIdentity - iam.googleapis.com/ServiceAccount
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleTypeExpr condition;
+
+ /**
+ * Output only. The time when the policy binding was created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String createTime;
+
+ /**
+ * Optional. The description of the policy binding. Must be less than or equal to 63 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String displayName;
+
+ /**
+ * Optional. The etag for the policy binding. If this is provided on update, it must match the
+ * server's etag.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Identifier. The name of the policy binding, in the format
+ * `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent
+ * is the closest Resource Manager resource (project, folder, or organization) to the binding
+ * target. Format: *
+ * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy
+ * must belong to the same organization.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String policy;
+
+ /**
+ * Immutable. The kind of the policy to attach in this binding. This field must be one of the
+ * following: - Left empty (will be automatically set to the policy kind) - The input policy kind
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String policyKind;
+
+ /**
+ * Output only. The globally unique ID of the policy to be bound.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String policyUid;
+
+ /**
+ * Required. Immutable. The full resource name of the resource to which the policy will be bound.
+ * Immutable once set.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV3PolicyBindingTarget target;
+
+ /**
+ * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is
+ * created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String uid;
+
+ /**
+ * Output only. The time when the policy binding was most recently updated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String updateTime;
+
+ /**
+ * Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getAnnotations() {
+ return annotations;
+ }
+
+ /**
+ * Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * @param annotations annotations or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setAnnotations(java.util.Map annotations) {
+ this.annotations = annotations;
+ return this;
+ }
+
+ /**
+ * Optional. The condition to apply to the policy binding. When set, the `expression` field in the
+ * `Expr` must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical
+ * AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters. The condition
+ * is currently only supported when bound to policies of kind principal access boundary. When the
+ * bound policy is a principal access boundary policy, the only supported attributes in any
+ * subexpression are `principal.type` and `principal.subject`. An example expression is:
+ * "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
+ * 'bob@example.com'". Allowed operations for `principal.subject`: - `principal.subject == ` -
+ * `principal.subject != ` - `principal.subject in []` - `principal.subject.startsWith()` -
+ * `principal.subject.endsWith()` Allowed operations for `principal.type`: - `principal.type == `
+ * - `principal.type != ` - `principal.type in []` Supported principal types are Workspace,
+ * Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: -
+ * iam.googleapis.com/WorkspaceIdentity - iam.googleapis.com/WorkforcePoolIdentity -
+ * iam.googleapis.com/WorkloadPoolIdentity - iam.googleapis.com/ServiceAccount
+ * @return value or {@code null} for none
+ */
+ public GoogleTypeExpr getCondition() {
+ return condition;
+ }
+
+ /**
+ * Optional. The condition to apply to the policy binding. When set, the `expression` field in the
+ * `Expr` must include from 1 to 10 subexpressions, joined by the "||"(Logical OR), "&&"(Logical
+ * AND) or "!"(Logical NOT) operators and cannot contain more than 250 characters. The condition
+ * is currently only supported when bound to policies of kind principal access boundary. When the
+ * bound policy is a principal access boundary policy, the only supported attributes in any
+ * subexpression are `principal.type` and `principal.subject`. An example expression is:
+ * "principal.type == 'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
+ * 'bob@example.com'". Allowed operations for `principal.subject`: - `principal.subject == ` -
+ * `principal.subject != ` - `principal.subject in []` - `principal.subject.startsWith()` -
+ * `principal.subject.endsWith()` Allowed operations for `principal.type`: - `principal.type == `
+ * - `principal.type != ` - `principal.type in []` Supported principal types are Workspace,
+ * Workforce Pool, Workload Pool and Service Account. Allowed string must be one of: -
+ * iam.googleapis.com/WorkspaceIdentity - iam.googleapis.com/WorkforcePoolIdentity -
+ * iam.googleapis.com/WorkloadPoolIdentity - iam.googleapis.com/ServiceAccount
+ * @param condition condition or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setCondition(GoogleTypeExpr condition) {
+ this.condition = condition;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the policy binding was created.
+ * @return value or {@code null} for none
+ */
+ public String getCreateTime() {
+ return createTime;
+ }
+
+ /**
+ * Output only. The time when the policy binding was created.
+ * @param createTime createTime or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setCreateTime(String createTime) {
+ this.createTime = createTime;
+ return this;
+ }
+
+ /**
+ * Optional. The description of the policy binding. Must be less than or equal to 63 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDisplayName() {
+ return displayName;
+ }
+
+ /**
+ * Optional. The description of the policy binding. Must be less than or equal to 63 characters.
+ * @param displayName displayName or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setDisplayName(java.lang.String displayName) {
+ this.displayName = displayName;
+ return this;
+ }
+
+ /**
+ * Optional. The etag for the policy binding. If this is provided on update, it must match the
+ * server's etag.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * Optional. The etag for the policy binding. If this is provided on update, it must match the
+ * server's etag.
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * Identifier. The name of the policy binding, in the format
+ * `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent
+ * is the closest Resource Manager resource (project, folder, or organization) to the binding
+ * target. Format: *
+ * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * Identifier. The name of the policy binding, in the format
+ * `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent
+ * is the closest Resource Manager resource (project, folder, or organization) to the binding
+ * target. Format: *
+ * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` *
+ * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
+ * @param name name or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy
+ * must belong to the same organization.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPolicy() {
+ return policy;
+ }
+
+ /**
+ * Required. Immutable. The resource name of the policy to be bound. The binding parent and policy
+ * must belong to the same organization.
+ * @param policy policy or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setPolicy(java.lang.String policy) {
+ this.policy = policy;
+ return this;
+ }
+
+ /**
+ * Immutable. The kind of the policy to attach in this binding. This field must be one of the
+ * following: - Left empty (will be automatically set to the policy kind) - The input policy kind
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPolicyKind() {
+ return policyKind;
+ }
+
+ /**
+ * Immutable. The kind of the policy to attach in this binding. This field must be one of the
+ * following: - Left empty (will be automatically set to the policy kind) - The input policy kind
+ * @param policyKind policyKind or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setPolicyKind(java.lang.String policyKind) {
+ this.policyKind = policyKind;
+ return this;
+ }
+
+ /**
+ * Output only. The globally unique ID of the policy to be bound.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPolicyUid() {
+ return policyUid;
+ }
+
+ /**
+ * Output only. The globally unique ID of the policy to be bound.
+ * @param policyUid policyUid or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setPolicyUid(java.lang.String policyUid) {
+ this.policyUid = policyUid;
+ return this;
+ }
+
+ /**
+ * Required. Immutable. The full resource name of the resource to which the policy will be bound.
+ * Immutable once set.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV3PolicyBindingTarget getTarget() {
+ return target;
+ }
+
+ /**
+ * Required. Immutable. The full resource name of the resource to which the policy will be bound.
+ * Immutable once set.
+ * @param target target or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setTarget(GoogleIamV3PolicyBindingTarget target) {
+ this.target = target;
+ return this;
+ }
+
+ /**
+ * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is
+ * created.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getUid() {
+ return uid;
+ }
+
+ /**
+ * Output only. The globally unique ID of the policy binding. Assigned when the policy binding is
+ * created.
+ * @param uid uid or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setUid(java.lang.String uid) {
+ this.uid = uid;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the policy binding was most recently updated.
+ * @return value or {@code null} for none
+ */
+ public String getUpdateTime() {
+ return updateTime;
+ }
+
+ /**
+ * Output only. The time when the policy binding was most recently updated.
+ * @param updateTime updateTime or {@code null} for none
+ */
+ public GoogleIamV3PolicyBinding setUpdateTime(String updateTime) {
+ this.updateTime = updateTime;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV3PolicyBinding set(String fieldName, Object value) {
+ return (GoogleIamV3PolicyBinding) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV3PolicyBinding clone() {
+ return (GoogleIamV3PolicyBinding) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBindingTarget.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBindingTarget.java
new file mode 100644
index 00000000000..7ac75f6be10
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PolicyBindingTarget.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * The full resource name of the resource to which the policy will be bound. Immutable once set.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV3PolicyBindingTarget extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Immutable. The full resource name that's used for principal access boundary policy bindings.
+ * The principal set must be directly parented by the policy binding's parent or same as the
+ * parent if the target is a project, folder, or organization. Examples: * For bindings parented
+ * by an organization: * Organization:
+ * `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Workforce Identity:
+ * `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID` * Workspace Identity:
+ * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * For bindings parented by a
+ * folder: * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * For bindings
+ * parented by a project: * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID` * Workload Identity Pool: `//iam.go
+ * ogleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String principalSet;
+
+ /**
+ * Immutable. The full resource name that's used for access policy bindings. Examples: *
+ * Organization: `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Folder:
+ * `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String resource;
+
+ /**
+ * Immutable. The full resource name that's used for principal access boundary policy bindings.
+ * The principal set must be directly parented by the policy binding's parent or same as the
+ * parent if the target is a project, folder, or organization. Examples: * For bindings parented
+ * by an organization: * Organization:
+ * `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Workforce Identity:
+ * `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID` * Workspace Identity:
+ * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * For bindings parented by a
+ * folder: * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * For bindings
+ * parented by a project: * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID` * Workload Identity Pool: `//iam.go
+ * ogleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getPrincipalSet() {
+ return principalSet;
+ }
+
+ /**
+ * Immutable. The full resource name that's used for principal access boundary policy bindings.
+ * The principal set must be directly parented by the policy binding's parent or same as the
+ * parent if the target is a project, folder, or organization. Examples: * For bindings parented
+ * by an organization: * Organization:
+ * `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Workforce Identity:
+ * `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID` * Workspace Identity:
+ * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * For bindings parented by a
+ * folder: * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * For bindings
+ * parented by a project: * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID` * Workload Identity Pool: `//iam.go
+ * ogleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+ * @param principalSet principalSet or {@code null} for none
+ */
+ public GoogleIamV3PolicyBindingTarget setPrincipalSet(java.lang.String principalSet) {
+ this.principalSet = principalSet;
+ return this;
+ }
+
+ /**
+ * Immutable. The full resource name that's used for access policy bindings. Examples: *
+ * Organization: `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Folder:
+ * `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getResource() {
+ return resource;
+ }
+
+ /**
+ * Immutable. The full resource name that's used for access policy bindings. Examples: *
+ * Organization: `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Folder:
+ * `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * Project: *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` *
+ * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+ * @param resource resource or {@code null} for none
+ */
+ public GoogleIamV3PolicyBindingTarget setResource(java.lang.String resource) {
+ this.resource = resource;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV3PolicyBindingTarget set(String fieldName, Object value) {
+ return (GoogleIamV3PolicyBindingTarget) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV3PolicyBindingTarget clone() {
+ return (GoogleIamV3PolicyBindingTarget) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicy.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicy.java
new file mode 100644
index 00000000000..154841c9853
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicy.java
@@ -0,0 +1,250 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * An IAM principal access boundary policy resource.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV3PrincipalAccessBoundaryPolicy extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.Map annotations;
+
+ /**
+ * Output only. The time when the principal access boundary policy was created.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String createTime;
+
+ /**
+ * Optional. The details for the principal access boundary policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private GoogleIamV3PrincipalAccessBoundaryPolicyDetails details;
+
+ /**
+ * Optional. The description of the principal access boundary policy. Must be less than or equal
+ * to 63 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String displayName;
+
+ /**
+ * Optional. The etag for the principal access boundary. If this is provided on update, it must
+ * match the server's etag.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String etag;
+
+ /**
+ * Identifier. The resource name of the principal access boundary policy. The following format is
+ * supported: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicie
+ * s/{policy_id}`
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String name;
+
+ /**
+ * Output only. The globally unique ID of the principal access boundary policy.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String uid;
+
+ /**
+ * Output only. The time when the principal access boundary policy was most recently updated.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private String updateTime;
+
+ /**
+ * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * @return value or {@code null} for none
+ */
+ public java.util.Map getAnnotations() {
+ return annotations;
+ }
+
+ /**
+ * Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details
+ * such as format and size limitations
+ * @param annotations annotations or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setAnnotations(java.util.Map annotations) {
+ this.annotations = annotations;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the principal access boundary policy was created.
+ * @return value or {@code null} for none
+ */
+ public String getCreateTime() {
+ return createTime;
+ }
+
+ /**
+ * Output only. The time when the principal access boundary policy was created.
+ * @param createTime createTime or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setCreateTime(String createTime) {
+ this.createTime = createTime;
+ return this;
+ }
+
+ /**
+ * Optional. The details for the principal access boundary policy.
+ * @return value or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyDetails getDetails() {
+ return details;
+ }
+
+ /**
+ * Optional. The details for the principal access boundary policy.
+ * @param details details or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setDetails(GoogleIamV3PrincipalAccessBoundaryPolicyDetails details) {
+ this.details = details;
+ return this;
+ }
+
+ /**
+ * Optional. The description of the principal access boundary policy. Must be less than or equal
+ * to 63 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDisplayName() {
+ return displayName;
+ }
+
+ /**
+ * Optional. The description of the principal access boundary policy. Must be less than or equal
+ * to 63 characters.
+ * @param displayName displayName or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setDisplayName(java.lang.String displayName) {
+ this.displayName = displayName;
+ return this;
+ }
+
+ /**
+ * Optional. The etag for the principal access boundary. If this is provided on update, it must
+ * match the server's etag.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEtag() {
+ return etag;
+ }
+
+ /**
+ * Optional. The etag for the principal access boundary. If this is provided on update, it must
+ * match the server's etag.
+ * @param etag etag or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setEtag(java.lang.String etag) {
+ this.etag = etag;
+ return this;
+ }
+
+ /**
+ * Identifier. The resource name of the principal access boundary policy. The following format is
+ * supported: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicie
+ * s/{policy_id}`
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getName() {
+ return name;
+ }
+
+ /**
+ * Identifier. The resource name of the principal access boundary policy. The following format is
+ * supported: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicie
+ * s/{policy_id}`
+ * @param name name or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setName(java.lang.String name) {
+ this.name = name;
+ return this;
+ }
+
+ /**
+ * Output only. The globally unique ID of the principal access boundary policy.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getUid() {
+ return uid;
+ }
+
+ /**
+ * Output only. The globally unique ID of the principal access boundary policy.
+ * @param uid uid or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setUid(java.lang.String uid) {
+ this.uid = uid;
+ return this;
+ }
+
+ /**
+ * Output only. The time when the principal access boundary policy was most recently updated.
+ * @return value or {@code null} for none
+ */
+ public String getUpdateTime() {
+ return updateTime;
+ }
+
+ /**
+ * Output only. The time when the principal access boundary policy was most recently updated.
+ * @param updateTime updateTime or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicy setUpdateTime(String updateTime) {
+ this.updateTime = updateTime;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicy set(String fieldName, Object value) {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicy) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicy clone() {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicy) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyDetails.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyDetails.java
new file mode 100644
index 00000000000..a180ed6c056
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyDetails.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Principal access boundary policy details
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV3PrincipalAccessBoundaryPolicyDetails extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. The version number (for example, `1` or `latest`) that indicates which permissions
+ * are able to be blocked by the policy. If empty, the PAB policy version will be set to the most
+ * recent version number at the time of the policy's creation.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String enforcementVersion;
+
+ /**
+ * Required. A list of principal access boundary policy rules. The number of rules in a policy is
+ * limited to 500.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List rules;
+
+ /**
+ * Optional. The version number (for example, `1` or `latest`) that indicates which permissions
+ * are able to be blocked by the policy. If empty, the PAB policy version will be set to the most
+ * recent version number at the time of the policy's creation.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEnforcementVersion() {
+ return enforcementVersion;
+ }
+
+ /**
+ * Optional. The version number (for example, `1` or `latest`) that indicates which permissions
+ * are able to be blocked by the policy. If empty, the PAB policy version will be set to the most
+ * recent version number at the time of the policy's creation.
+ * @param enforcementVersion enforcementVersion or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyDetails setEnforcementVersion(java.lang.String enforcementVersion) {
+ this.enforcementVersion = enforcementVersion;
+ return this;
+ }
+
+ /**
+ * Required. A list of principal access boundary policy rules. The number of rules in a policy is
+ * limited to 500.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getRules() {
+ return rules;
+ }
+
+ /**
+ * Required. A list of principal access boundary policy rules. The number of rules in a policy is
+ * limited to 500.
+ * @param rules rules or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyDetails setRules(java.util.List rules) {
+ this.rules = rules;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicyDetails set(String fieldName, Object value) {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicyDetails) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicyDetails clone() {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicyDetails) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyRule.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyRule.java
new file mode 100644
index 00000000000..2e1831e0b4f
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleIamV3PrincipalAccessBoundaryPolicyRule.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Principal access boundary policy rule that defines the resource boundary.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleIamV3PrincipalAccessBoundaryPolicyRule extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. The description of the principal access boundary policy rule. Must be less than or
+ * equal to 256 characters.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String description;
+
+ /**
+ * Required. The access relationship of principals to the resources in this rule.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String effect;
+
+ /**
+ * Required. A list of Resource Manager resources. If a resource is listed in the rule, then the
+ * rule applies for that resource and its descendants. The number of resources in a policy is
+ * limited to 500 across all rules in the policy. The following resource types are supported: *
+ * Organizations, such as `//cloudresourcemanager.googleapis.com/organizations/123`. * Folders,
+ * such as `//cloudresourcemanager.googleapis.com/folders/123`. * Projects, such as
+ * `//cloudresourcemanager.googleapis.com/projects/123` or
+ * `//cloudresourcemanager.googleapis.com/projects/my-project-id`.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List resources;
+
+ /**
+ * Optional. The description of the principal access boundary policy rule. Must be less than or
+ * equal to 256 characters.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDescription() {
+ return description;
+ }
+
+ /**
+ * Optional. The description of the principal access boundary policy rule. Must be less than or
+ * equal to 256 characters.
+ * @param description description or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyRule setDescription(java.lang.String description) {
+ this.description = description;
+ return this;
+ }
+
+ /**
+ * Required. The access relationship of principals to the resources in this rule.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getEffect() {
+ return effect;
+ }
+
+ /**
+ * Required. The access relationship of principals to the resources in this rule.
+ * @param effect effect or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyRule setEffect(java.lang.String effect) {
+ this.effect = effect;
+ return this;
+ }
+
+ /**
+ * Required. A list of Resource Manager resources. If a resource is listed in the rule, then the
+ * rule applies for that resource and its descendants. The number of resources in a policy is
+ * limited to 500 across all rules in the policy. The following resource types are supported: *
+ * Organizations, such as `//cloudresourcemanager.googleapis.com/organizations/123`. * Folders,
+ * such as `//cloudresourcemanager.googleapis.com/folders/123`. * Projects, such as
+ * `//cloudresourcemanager.googleapis.com/projects/123` or
+ * `//cloudresourcemanager.googleapis.com/projects/my-project-id`.
+ * @return value or {@code null} for none
+ */
+ public java.util.List getResources() {
+ return resources;
+ }
+
+ /**
+ * Required. A list of Resource Manager resources. If a resource is listed in the rule, then the
+ * rule applies for that resource and its descendants. The number of resources in a policy is
+ * limited to 500 across all rules in the policy. The following resource types are supported: *
+ * Organizations, such as `//cloudresourcemanager.googleapis.com/organizations/123`. * Folders,
+ * such as `//cloudresourcemanager.googleapis.com/folders/123`. * Projects, such as
+ * `//cloudresourcemanager.googleapis.com/projects/123` or
+ * `//cloudresourcemanager.googleapis.com/projects/my-project-id`.
+ * @param resources resources or {@code null} for none
+ */
+ public GoogleIamV3PrincipalAccessBoundaryPolicyRule setResources(java.util.List resources) {
+ this.resources = resources;
+ return this;
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicyRule set(String fieldName, Object value) {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicyRule) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleIamV3PrincipalAccessBoundaryPolicyRule clone() {
+ return (GoogleIamV3PrincipalAccessBoundaryPolicyRule) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleRpcStatus.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleRpcStatus.java
new file mode 100644
index 00000000000..4dc197e97fe
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleRpcStatus.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * The `Status` type defines a logical error model that is suitable for different programming
+ * environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc).
+ * Each `Status` message contains three pieces of data: error code, error message, and error
+ * details. You can find out more about this error model and how to work with it in the [API Design
+ * Guide](https://cloud.google.com/apis/design/errors).
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleRpcStatus extends com.google.api.client.json.GenericJson {
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.Integer code;
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.util.List> details;
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String message;
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * @return value or {@code null} for none
+ */
+ public java.lang.Integer getCode() {
+ return code;
+ }
+
+ /**
+ * The status code, which should be an enum value of google.rpc.Code.
+ * @param code code or {@code null} for none
+ */
+ public GoogleRpcStatus setCode(java.lang.Integer code) {
+ this.code = code;
+ return this;
+ }
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * @return value or {@code null} for none
+ */
+ public java.util.List> getDetails() {
+ return details;
+ }
+
+ /**
+ * A list of messages that carry the error details. There is a common set of message types for
+ * APIs to use.
+ * @param details details or {@code null} for none
+ */
+ public GoogleRpcStatus setDetails(java.util.List> details) {
+ this.details = details;
+ return this;
+ }
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getMessage() {
+ return message;
+ }
+
+ /**
+ * A developer-facing error message, which should be in English. Any user-facing error message
+ * should be localized and sent in the google.rpc.Status.details field, or localized by the
+ * client.
+ * @param message message or {@code null} for none
+ */
+ public GoogleRpcStatus setMessage(java.lang.String message) {
+ this.message = message;
+ return this;
+ }
+
+ @Override
+ public GoogleRpcStatus set(String fieldName, Object value) {
+ return (GoogleRpcStatus) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleRpcStatus clone() {
+ return (GoogleRpcStatus) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleTypeExpr.java b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleTypeExpr.java
new file mode 100644
index 00000000000..d769e19e8da
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/com/google/api/services/policytroubleshooter/v3beta/model/GoogleTypeExpr.java
@@ -0,0 +1,160 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.policytroubleshooter.v3beta.model;
+
+/**
+ * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like
+ * expression language. The syntax and semantics of CEL are documented at
+ * https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit"
+ * description: "Determines if a summary is less than 100 chars" expression:
+ * "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description:
+ * "Determines if requestor is the document owner" expression: "document.owner ==
+ * request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine
+ * whether the document should be publicly visible" expression: "document.type != 'private' &&
+ * document.type != 'internal'" Example (Data Manipulation): title: "Notification string"
+ * description: "Create a notification string with a timestamp." expression: "'New message received
+ * at ' + string(document.create_time)" The exact variables and functions that may be referenced
+ * within an expression are determined by the service that evaluates it. See the service
+ * documentation for additional information.
+ *
+ *
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class GoogleTypeExpr extends com.google.api.client.json.GenericJson {
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String description;
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String expression;
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String location;
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * The value may be {@code null}.
+ */
+ @com.google.api.client.util.Key
+ private java.lang.String title;
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getDescription() {
+ return description;
+ }
+
+ /**
+ * Optional. Description of the expression. This is a longer text which describes the expression,
+ * e.g. when hovered over it in a UI.
+ * @param description description or {@code null} for none
+ */
+ public GoogleTypeExpr setDescription(java.lang.String description) {
+ this.description = description;
+ return this;
+ }
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getExpression() {
+ return expression;
+ }
+
+ /**
+ * Textual representation of an expression in Common Expression Language syntax.
+ * @param expression expression or {@code null} for none
+ */
+ public GoogleTypeExpr setExpression(java.lang.String expression) {
+ this.expression = expression;
+ return this;
+ }
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getLocation() {
+ return location;
+ }
+
+ /**
+ * Optional. String indicating the location of the expression for error reporting, e.g. a file
+ * name and a position in the file.
+ * @param location location or {@code null} for none
+ */
+ public GoogleTypeExpr setLocation(java.lang.String location) {
+ this.location = location;
+ return this;
+ }
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * @return value or {@code null} for none
+ */
+ public java.lang.String getTitle() {
+ return title;
+ }
+
+ /**
+ * Optional. Title for the expression, i.e. a short string describing its purpose. This can be
+ * used e.g. in UIs which allow to enter the expression.
+ * @param title title or {@code null} for none
+ */
+ public GoogleTypeExpr setTitle(java.lang.String title) {
+ this.title = title;
+ return this;
+ }
+
+ @Override
+ public GoogleTypeExpr set(String fieldName, Object value) {
+ return (GoogleTypeExpr) super.set(fieldName, value);
+ }
+
+ @Override
+ public GoogleTypeExpr clone() {
+ return (GoogleTypeExpr) super.clone();
+ }
+
+}
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/pom.xml b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/pom.xml
new file mode 100644
index 00000000000..0d21ab2bf11
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/2.0.0/pom.xml
@@ -0,0 +1,219 @@
+
+ 4.0.0
+
+ org.sonatype.oss
+ oss-parent
+ 7
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3beta-rev20260111-2.0.0
+ Policy Troubleshooter API v3beta-rev20260111-2.0.0
+ jar
+
+ 2011
+
+
+
+ GoogleAPIs
+ GoogleAPIs
+ googleapis@googlegroups.com
+ Google
+ https://www.google.com
+
+
+
+
+ Google
+ http://www.google.com/
+
+
+
+
+ The Apache Software License, Version 2.0
+ http://www.apache.org/licenses/LICENSE-2.0.txt
+ repo
+
+
+
+
+
+ ossrh
+ https://google.oss.sonatype.org/content/repositories/snapshots
+
+
+
+
+
+
+ maven-compiler-plugin
+ 3.9.0
+
+ 1.7
+ 1.7
+
+
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 2.4
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 3.1.2
+
+
+
+ com.google.api.services.policytroubleshooter
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+ 3.1.0
+
+
+ attach-javadocs
+
+ jar
+
+
+
+
+ none
+ Policy Troubleshooter API ${project.version}
+ Policy Troubleshooter API ${project.version}
+
+ http://docs.oracle.com/javase/7/docs/api
+ https://googleapis.dev/java/google-http-client/${httpClientLibrary}/
+ https://googleapis.dev/java/google-oauth-client/${oauthClientLibrary}/
+ https://googleapis.dev/java/google-api-client/2.7.2/
+
+
+
+
+ org.codehaus.mojo
+ clirr-maven-plugin
+ 2.8
+
+ clirr-ignored-differences.xml
+ true
+
+
+
+
+ check
+
+
+
+
+
+ .
+
+
+ ./resources
+
+
+
+
+
+
+ com.google.api-client
+ google-api-client
+ 2.7.2
+
+
+
+
+ UTF-8
+
+
+
+
+
+ release-sonatype
+
+
+
+ !artifact-registry-url
+
+
+
+
+
+ org.sonatype.plugins
+ nexus-staging-maven-plugin
+ 1.6.13
+ true
+
+ sonatype-nexus-staging
+ https://google.oss.sonatype.org/
+ false
+
+
+
+
+
+
+
+ release-gcp-artifact-registry
+
+ artifactregistry://please-define-artifact-registry-url-property
+
+
+
+ gcp-artifact-registry-repository
+ ${artifact-registry-url}
+
+
+ gcp-artifact-registry-repository
+ ${artifact-registry-url}
+
+
+
+
+ release-sign-artifacts
+
+
+ performRelease
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-gpg-plugin
+ 3.2.7
+
+
+ sign-artifacts
+ verify
+
+ sign
+
+
+
+ --pinentry-mode
+ loopback
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/clients/google-api-services-policytroubleshooter/v3beta/README.md b/clients/google-api-services-policytroubleshooter/v3beta/README.md
new file mode 100644
index 00000000000..615e9855ff9
--- /dev/null
+++ b/clients/google-api-services-policytroubleshooter/v3beta/README.md
@@ -0,0 +1,44 @@
+# Policy Troubleshooter API Client Library for Java
+
+
+
+This page contains information about getting started with the Policy Troubleshooter API
+using the Google API Client Library for Java. In addition, you may be interested
+in the following documentation:
+
+* Browse the [Javadoc reference for the Policy Troubleshooter API][javadoc]
+* Read the [Developer's Guide for the Google API Client Library for Java][google-api-client].
+* Interact with this API in your browser using the [APIs Explorer for the Policy Troubleshooter API][api-explorer]
+
+## Installation
+
+### Maven
+
+Add the following lines to your `pom.xml` file:
+
+```xml
+
+
+
+ com.google.apis
+ google-api-services-policytroubleshooter
+ v3beta-rev20260111-2.0.0
+
+
+
+```
+
+### Gradle
+
+```gradle
+repositories {
+ mavenCentral()
+}
+dependencies {
+ implementation 'com.google.apis:google-api-services-policytroubleshooter:v3beta-rev20260111-2.0.0'
+}
+```
+
+[javadoc]: https://googleapis.dev/java/google-api-services-policytroubleshooter/latest/index.html
+[google-api-client]: https://github.com/googleapis/google-api-java-client/
+[api-explorer]: https://developers.google.com/apis-explorer/#p/policytroubleshooter/v1/