Autogenerated update (2020-06-12)

Update: - appsmarket_v2 - bigquery_v2 - books_v1 - displayvideo_v1 - fcm_v1 - genomics_v2alpha1 - iam_v1 - iamcredentials_v1 - monitoring_v1 - monitoring_v3 - secretmanager_v1 - secretmanager_v1beta1 - servicemanagement_v1
2020-06-12 00:38:41 +00:00 · 2020-06-12 00:38:41 +00:00 · 17b093316b
parent f79a751a98
commit 17b093316b
30 changed files with 530 additions and 280 deletions
--- a/generated/google/apis/appsmarket_v2.rb
+++ b/generated/google/apis/appsmarket_v2.rb
@ -26,7 +26,7 @@ module Google
    # @see https://developers.google.com/apps-marketplace
    module AppsmarketV2
      VERSION = 'V2'
-      REVISION = '20200608'
+      REVISION = '20200609'
      # View your installed application's licensing information
      AUTH_APPSMARKETPLACE_LICENSE = 'https://www.googleapis.com/auth/appsmarketplace.license'
--- a/generated/google/apis/bigquery_v2.rb
+++ b/generated/google/apis/bigquery_v2.rb
@ -25,7 +25,7 @@ module Google
    # @see https://cloud.google.com/bigquery/
    module BigqueryV2
      VERSION = 'V2'
-      REVISION = '20200523'
+      REVISION = '20200603'
      # View and manage your data in Google BigQuery
      AUTH_BIGQUERY = 'https://www.googleapis.com/auth/bigquery'
--- a/generated/google/apis/bigquery_v2/classes.rb
+++ b/generated/google/apis/bigquery_v2/classes.rb
@ -4743,13 +4743,21 @@ module Google
        # Note that this is different from the job_id. It has the following properties:
        # 1. It is case-sensitive, limited to up to 36 ASCII characters. A UUID is
        # recommended. 2. Read only queries can ignore this token since they are
-        # nullipotent by definition. 3. When a duplicate mutating query request is
+        # nullipotent by definition. 3. For the purposes of idempotency ensured by the
-        # detected (i.e. having the same request_id as an earlier query), it returns: a.
+        # request_id, a request is considered duplicate of another only if they have the
-        # the results of the mutation if it completes successfully within the timeout. b.
+        # same request_id and are actually duplicates. When determining whether a
-        # the running operation if it is still in progress at the end of the timeout. 4.
+        # request is a duplicate of the previous request, all parameters in the request
-        # Its lifetime is limited to 15 minutes. In other words, if two requests are
+        # that may affect the behavior are considered. For example, query,
-        # sent with the same request_id, but more than 15 minutes apart, idempotency is
+        # connection_properties, query_parameters, use_legacy_sql are parameters that
-        # not guaranteed.
+        # affect the result and are considered when determining whether a request is a
        # duplicate, but properties like timeout_ms don't affect the result and are thus
        # not considered. Dry run query requests are never considered duplicate of
        # another request. 4. When a duplicate mutating query request is detected, it
        # returns: a. the results of the mutation if it completes successfully within
        # the timeout. b. the running operation if it is still in progress at the end of
        # the timeout. 5. Its lifetime is limited to 15 minutes. In other words, if two
        # requests are sent with the same request_id, but more than 15 minutes apart,
        # idempotency is not guaranteed.
        # Corresponds to the JSON property `requestId`
        # @return [String]
        attr_accessor :request_id
--- a/generated/google/apis/books_v1.rb
+++ b/generated/google/apis/books_v1.rb
@ -25,7 +25,7 @@ module Google
    # @see https://code.google.com/apis/books/docs/v1/getting_started.html
    module BooksV1
      VERSION = 'V1'
-      REVISION = '20200603'
+      REVISION = '20200606'
      # Manage your books
      AUTH_BOOKS = 'https://www.googleapis.com/auth/books'
--- a/generated/google/apis/displayvideo_v1.rb
+++ b/generated/google/apis/displayvideo_v1.rb
@ -26,7 +26,7 @@ module Google
    # @see https://developers.google.com/display-video/
    module DisplayvideoV1
      VERSION = 'V1'
-      REVISION = '20200602'
+      REVISION = '20200611'
      # Create, see, edit, and permanently delete your Display & Video 360 entities and reports
      AUTH_DISPLAY_VIDEO = 'https://www.googleapis.com/auth/display-video'
--- a/generated/google/apis/displayvideo_v1/classes.rb
+++ b/generated/google/apis/displayvideo_v1/classes.rb
@ -2714,7 +2714,7 @@ module Google
        # @return [String]
        attr_accessor :js_tracker_url
-        # Output only. The IDs of the line items this creative associated with.
+        # Output only. The IDs of the line items this creative is associated with.
        # To associate a creative to a line item, use
        # LineItem.creative_ids instead.
        # Corresponds to the JSON property `lineItemIds`
--- a/generated/google/apis/displayvideo_v1/service.rb
+++ b/generated/google/apis/displayvideo_v1/service.rb
@ -615,6 +615,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
        # Updates an existing inventory source.
        # Returns the updated inventory source if successful.
        # Gets a channel for a partner or advertiser.
        # @param [Fixnum] advertiser_id
        #   The ID of the advertiser that owns the fetched channel.
@ -3949,6 +3951,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
        # Updates an existing inventory source.
        # Returns the updated inventory source if successful.
        # Gets a channel for a partner or advertiser.
        # @param [Fixnum] partner_id
        #   The ID of the partner that owns the fetched channel.
--- a/generated/google/apis/fcm_v1.rb
+++ b/generated/google/apis/fcm_v1.rb
@ -26,7 +26,7 @@ module Google
    # @see https://firebase.google.com/docs/cloud-messaging
    module FcmV1
      VERSION = 'V1'
-      REVISION = '20200203'
+      REVISION = '20200608'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/genomics_v2alpha1.rb
+++ b/generated/google/apis/genomics_v2alpha1.rb
@ -25,7 +25,7 @@ module Google
    # @see https://cloud.google.com/genomics
    module GenomicsV2alpha1
      VERSION = 'V2alpha1'
-      REVISION = '20200330'
+      REVISION = '20200610'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/genomics_v2alpha1/classes.rb
+++ b/generated/google/apis/genomics_v2alpha1/classes.rb
@ -602,6 +602,67 @@ module Google
        end
      end
      # Message that represents an arbitrary HTTP body. It should only be used for
      # payload formats that can't be represented as JSON, such as raw binary or
      # an HTML page.
      # This message can be used both in streaming and non-streaming API methods in
      # the request as well as the response.
      # It can be used as a top-level request field, which is convenient if one
      # wants to extract parameters from either the URL or HTTP template into the
      # request fields and also want access to the raw HTTP body.
      # Example:
      # message GetResourceRequest `
      # // A unique request id.
      # string request_id = 1;
      # // The raw HTTP body is bound to this field.
      # google.api.HttpBody http_body = 2;
      # `
      # service ResourceService `
      # rpc GetResource(GetResourceRequest) returns (google.api.HttpBody);
      # rpc UpdateResource(google.api.HttpBody) returns
      # (google.protobuf.Empty);
      # `
      # Example with streaming methods:
      # service CaldavService `
      # rpc GetCalendar(stream google.api.HttpBody)
      # returns (stream google.api.HttpBody);
      # rpc UpdateCalendar(stream google.api.HttpBody)
      # returns (stream google.api.HttpBody);
      # `
      # Use of this type only changes how the request and response bodies are
      # handled, all other features will continue to work unchanged.
      class HttpBody
        include Google::Apis::Core::Hashable
        # The HTTP Content-Type header value specifying the content type of the body.
        # Corresponds to the JSON property `contentType`
        # @return [String]
        attr_accessor :content_type
        # The HTTP request/response body as raw binary.
        # Corresponds to the JSON property `data`
        # NOTE: Values are automatically base64 encoded/decoded in the client library.
        # @return [String]
        attr_accessor :data
        # Application specific response metadata. Must be set in the first response
        # for streaming APIs.
        # Corresponds to the JSON property `extensions`
        # @return [Array<Hash<String,Object>>]
        attr_accessor :extensions
        def initialize(**args)
           update!(**args)
        end
        # Update properties of this object
        def update!(**args)
          @content_type = args[:content_type] if args.key?(:content_type)
          @data = args[:data] if args.key?(:data)
          @extensions = args[:extensions] if args.key?(:extensions)
        end
      end
      # The response message for Operations.ListOperations.
      class ListOperationsResponse
        include Google::Apis::Core::Hashable
@ -1253,6 +1314,19 @@ module Google
        end
      end
      # The response to the UploadSOSReport method.
      class UploadSosReportResponse
        include Google::Apis::Core::Hashable
        def initialize(**args)
           update!(**args)
        end
        # Update properties of this object
        def update!(**args)
        end
      end
      # Carries information about a Compute Engine VM resource.
      class VirtualMachine
        include Google::Apis::Core::Hashable
@ -1299,6 +1373,15 @@ module Google
        # @return [Array<Google::Apis::GenomicsV2alpha1::Disk>]
        attr_accessor :disks
        # The Compute Engine Disk Images to use as a Docker cache. The disks will be
        # mounted into the Docker folder in a way that the images present in the
        # cache will not need to be pulled. The digests of the cached images must
        # match those of the tags used or the latest version will still be pulled.
        # Only a single image is supported.
        # Corresponds to the JSON property `dockerCacheImages`
        # @return [Array<String>]
        attr_accessor :docker_cache_images
        # Whether Stackdriver monitoring should be enabled on the VM.
        # Corresponds to the JSON property `enableStackdriverMonitoring`
        # @return [Boolean]
@ -1364,6 +1447,7 @@ module Google
          @boot_image = args[:boot_image] if args.key?(:boot_image)
          @cpu_platform = args[:cpu_platform] if args.key?(:cpu_platform)
          @disks = args[:disks] if args.key?(:disks)
          @docker_cache_images = args[:docker_cache_images] if args.key?(:docker_cache_images)
          @enable_stackdriver_monitoring = args[:enable_stackdriver_monitoring] if args.key?(:enable_stackdriver_monitoring)
          @labels = args[:labels] if args.key?(:labels)
          @machine_type = args[:machine_type] if args.key?(:machine_type)
--- a/generated/google/apis/genomics_v2alpha1/representations.rb
+++ b/generated/google/apis/genomics_v2alpha1/representations.rb
@ -112,6 +112,12 @@ module Google
        include Google::Apis::Core::JsonObjectSupport
      end
      class HttpBody
        class Representation < Google::Apis::Core::JsonRepresentation; end
        include Google::Apis::Core::JsonObjectSupport
      end
      class ListOperationsResponse
        class Representation < Google::Apis::Core::JsonRepresentation; end
@ -226,6 +232,12 @@ module Google
        include Google::Apis::Core::JsonObjectSupport
      end
      class UploadSosReportResponse
        class Representation < Google::Apis::Core::JsonRepresentation; end
        include Google::Apis::Core::JsonObjectSupport
      end
      class VirtualMachine
        class Representation < Google::Apis::Core::JsonRepresentation; end
@ -391,6 +403,15 @@ module Google
        end
      end
      class HttpBody
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
          property :content_type, as: 'contentType'
          property :data, :base64 => true, as: 'data'
          collection :extensions, as: 'extensions'
        end
      end
      class ListOperationsResponse
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
@ -570,6 +591,12 @@ module Google
        end
      end
      class UploadSosReportResponse
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
        end
      end
      class VirtualMachine
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
@ -580,6 +607,7 @@ module Google
          property :cpu_platform, as: 'cpuPlatform'
          collection :disks, as: 'disks', class: Google::Apis::GenomicsV2alpha1::Disk, decorator: Google::Apis::GenomicsV2alpha1::Disk::Representation
          collection :docker_cache_images, as: 'dockerCacheImages'
          property :enable_stackdriver_monitoring, as: 'enableStackdriverMonitoring'
          hash :labels, as: 'labels'
          property :machine_type, as: 'machineType'
--- a/generated/google/apis/genomics_v2alpha1/service.rb
+++ b/generated/google/apis/genomics_v2alpha1/service.rb
@ -237,7 +237,8 @@ module Google
        # The worker uses this method to retrieve the assigned operation and
        # provide periodic status updates.
        # @param [String] id
-        #   The worker id, assigned when it was created.
+        #   The VM identity token for authenticating the VM instance.
        #   https://cloud.google.com/compute/docs/instances/verifying-instance-identity
        # @param [Google::Apis::GenomicsV2alpha1::CheckInRequest] check_in_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -271,7 +272,8 @@ module Google
        # The worker uses this method to retrieve the assigned operation and
        # provide periodic status updates.
        # @param [String] id
-        #   The worker id, assigned when it was created.
+        #   The VM identity token for authenticating the VM instance.
        #   https://cloud.google.com/compute/docs/instances/verifying-instance-identity
        # @param [Google::Apis::GenomicsV2alpha1::CheckInRequest] check_in_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -302,6 +304,40 @@ module Google
          execute_or_queue_command(command, &block)
        end
        # The worker uses this method to upload SOS reports for unexpected errors.
        # @param [String] id
        #   The VM identity token for authenticating the VM instance.
        #   https://cloud.google.com/compute/docs/instances/verifying-instance-identity
        # @param [Google::Apis::GenomicsV2alpha1::HttpBody] http_body_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
        # @param [String] quota_user
        #   Available to use for quota purposes for server-side applications. Can be any
        #   arbitrary string assigned to a user, but should not exceed 40 characters.
        # @param [Google::Apis::RequestOptions] options
        #   Request-specific options
        #
        # @yield [result, err] Result & error if block supplied
        # @yieldparam result [Google::Apis::GenomicsV2alpha1::UploadSosReportResponse] parsed result object
        # @yieldparam err [StandardError] error object if request failed
        #
        # @return [Google::Apis::GenomicsV2alpha1::UploadSosReportResponse]
        #
        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
        # @raise [Google::Apis::AuthorizationError] Authorization is required
        def upload_worker_project_worker_sos_report(id, http_body_object = nil, fields: nil, quota_user: nil, options: nil, &block)
          command = make_simple_command(:post, 'v2alpha1/workers/{+id}:uploadSosReport', options)
          command.request_representation = Google::Apis::GenomicsV2alpha1::HttpBody::Representation
          command.request_object = http_body_object
          command.response_representation = Google::Apis::GenomicsV2alpha1::UploadSosReportResponse::Representation
          command.response_class = Google::Apis::GenomicsV2alpha1::UploadSosReportResponse
          command.params['id'] = id unless id.nil?
          command.query['fields'] = fields unless fields.nil?
          command.query['quotaUser'] = quota_user unless quota_user.nil?
          execute_or_queue_command(command, &block)
        end
        protected
        def apply_command_defaults(command)
--- a/generated/google/apis/iam_v1.rb
+++ b/generated/google/apis/iam_v1.rb
@ -27,7 +27,7 @@ module Google
    # @see https://cloud.google.com/iam/
    module IamV1
      VERSION = 'V1'
-      REVISION = '20200515'
+      REVISION = '20200605'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/iam_v1/classes.rb
+++ b/generated/google/apis/iam_v1/classes.rb
@ -56,7 +56,7 @@ module Google
      # `
      # "audit_configs": [
      # `
-      # "service": "allServices"
+      # "service": "allServices",
      # "audit_log_configs": [
      # `
      # "log_type": "DATA_READ",
@ -65,18 +65,18 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `,
      # `
-      # "log_type": "ADMIN_READ",
+      # "log_type": "ADMIN_READ"
      # `
      # ]
      # `,
      # `
-      # "service": "sampleservice.googleapis.com"
+      # "service": "sampleservice.googleapis.com",
      # "audit_log_configs": [
      # `
-      # "log_type": "DATA_READ",
+      # "log_type": "DATA_READ"
      # `,
      # `
      # "log_type": "DATA_WRITE",
@ -149,7 +149,7 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `
      # ]
      # `
@ -414,19 +414,15 @@ module Google
        # @return [String]
        attr_accessor :account_id
-        # A service account in the Identity and Access Management API.
+        # An IAM service account.
-        # To create a service account, specify the `project_id` and the `account_id`
+        # A service account is an account for an application or a virtual machine (VM)
-        # for the account.  The `account_id` is unique within the project, and is used
+        # instance, not a person. You can use a service account to call Google APIs. To
-        # to generate the service account email address and a stable
+        # learn more, read the [overview of service
-        # `unique_id`.
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
-        # If the account already exists, the account's resource name is returned
+        # When you create a service account, you specify the project ID that owns the
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
+        # service account, as well as a name that must be unique within the project.
-        # can use the name in other methods to access the account.
+        # IAM uses these values to create an email address that identifies the service
-        # All other methods can identify the service account using the format
+        # account.
        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
        # the account. The `ACCOUNT` value can be the `email` address or the
        # `unique_id` of the service account.
        # Corresponds to the JSON property `serviceAccount`
        # @return [Google::Apis::IamV1::ServiceAccount]
        attr_accessor :service_account
@ -751,23 +747,24 @@ module Google
        end
      end
-      # The patch service account request.
+      # The request for
      # PatchServiceAccount.
      # You can patch only the `display_name` and `description` fields. You must use
      # the `update_mask` field to specify which of these fields you want to patch.
      # Only the fields specified in the request are guaranteed to be returned in
      # the response. Other fields may be empty in the response.
      class PatchServiceAccountRequest
        include Google::Apis::Core::Hashable
-        # A service account in the Identity and Access Management API.
+        # An IAM service account.
-        # To create a service account, specify the `project_id` and the `account_id`
+        # A service account is an account for an application or a virtual machine (VM)
-        # for the account.  The `account_id` is unique within the project, and is used
+        # instance, not a person. You can use a service account to call Google APIs. To
-        # to generate the service account email address and a stable
+        # learn more, read the [overview of service
-        # `unique_id`.
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
-        # If the account already exists, the account's resource name is returned
+        # When you create a service account, you specify the project ID that owns the
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
+        # service account, as well as a name that must be unique within the project.
-        # can use the name in other methods to access the account.
+        # IAM uses these values to create an email address that identifies the service
-        # All other methods can identify the service account using the format
+        # account.
        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
        # the account. The `ACCOUNT` value can be the `email` address or the
        # `unique_id` of the service account.
        # Corresponds to the JSON property `serviceAccount`
        # @return [Google::Apis::IamV1::ServiceAccount]
        attr_accessor :service_account
@ -1262,77 +1259,82 @@ module Google
        end
      end
-      # A service account in the Identity and Access Management API.
+      # An IAM service account.
-      # To create a service account, specify the `project_id` and the `account_id`
+      # A service account is an account for an application or a virtual machine (VM)
-      # for the account.  The `account_id` is unique within the project, and is used
+      # instance, not a person. You can use a service account to call Google APIs. To
-      # to generate the service account email address and a stable
+      # learn more, read the [overview of service
-      # `unique_id`.
+      # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
-      # If the account already exists, the account's resource name is returned
+      # When you create a service account, you specify the project ID that owns the
-      # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
+      # service account, as well as a name that must be unique within the project.
-      # can use the name in other methods to access the account.
+      # IAM uses these values to create an email address that identifies the service
-      # All other methods can identify the service account using the format
+      # account.
      # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
      # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
      # the account. The `ACCOUNT` value can be the `email` address or the
      # `unique_id` of the service account.
      class ServiceAccount
        include Google::Apis::Core::Hashable
-        # Optional. A user-specified opaque description of the service account.
+        # Optional. A user-specified, human-readable description of the service account.
-        # Must be less than or equal to 256 UTF-8 bytes.
+        # The
        # maximum length is 256 UTF-8 bytes.
        # Corresponds to the JSON property `description`
        # @return [String]
        attr_accessor :description
-        # @OutputOnly A bool indicate if the service account is disabled.
+        # Output only. Whether the service account is disabled.
        # The field is currently in alpha phase.
        # Corresponds to the JSON property `disabled`
        # @return [Boolean]
        attr_accessor :disabled
        alias_method :disabled?, :disabled
-        # Optional. A user-specified name for the service account.
+        # Optional. A user-specified, human-readable name for the service account. The
-        # Must be less than or equal to 100 UTF-8 bytes.
+        # maximum
        # length is 100 UTF-8 bytes.
        # Corresponds to the JSON property `displayName`
        # @return [String]
        attr_accessor :display_name
-        # @OutputOnly The email address of the service account.
+        # Output only. The email address of the service account.
        # Corresponds to the JSON property `email`
        # @return [String]
        attr_accessor :email
-        # Optional. Note: `etag` is an inoperable legacy field that is only returned
+        # Deprecated. Do not use.
        # for backwards compatibility.
        # Corresponds to the JSON property `etag`
        # NOTE: Values are automatically base64 encoded/decoded in the client library.
        # @return [String]
        attr_accessor :etag
-        # The resource name of the service account in the following format:
+        # The resource name of the service account.
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        # Use one of the following formats:
-        # Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
+        # * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
-        # project from the `account` and the `ACCOUNT` value can be the `email`
+        # * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
-        # address or the `unique_id` of the service account.
+        # As an alternative, you can use the `-` wildcard character instead of the
-        # In responses the resource name will always be in the format
+        # project ID:
-        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        # * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
        # * `projects/-/serviceAccounts/`UNIQUE_ID``
        # When possible, avoid using the `-` wildcard character, because it can cause
        # response messages to contain misleading error codes. For example, if you
        # try to get the service account
        # `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
        # response contains an HTTP `403 Forbidden` error instead of a `404 Not
        # Found` error.
        # Corresponds to the JSON property `name`
        # @return [String]
        attr_accessor :name
-        # @OutputOnly The OAuth2 client id for the service account.
+        # Output only. The OAuth 2.0 client ID for the service account.
        # This is used in conjunction with the OAuth2 clientconfig API to make
        # three legged OAuth2 (3LO) flows to access the data of Google users.
        # Corresponds to the JSON property `oauth2ClientId`
        # @return [String]
        attr_accessor :oauth2_client_id
-        # @OutputOnly The id of the project that owns the service account.
+        # Output only. The ID of the project that owns the service account.
        # Corresponds to the JSON property `projectId`
        # @return [String]
        attr_accessor :project_id
-        # @OutputOnly The unique and stable id of the service account.
+        # Output only. The unique, stable numeric ID for the service account.
        # Each service account retains its unique ID even if you delete the service
        # account. For example, if you delete a service account, then create a new
        # service account with the same name, the new service account has a different
        # unique ID than the deleted service account.
        # Corresponds to the JSON property `uniqueId`
        # @return [String]
        attr_accessor :unique_id
@ -1589,7 +1591,15 @@ module Google
      class SignJwtRequest
        include Google::Apis::Core::Hashable
-        # Required. The JWT payload to sign, a JSON JWT Claim set.
+        # Required. The JWT payload to sign. Must be a serialized JSON object that
        # contains a
        # JWT Claims Set. For example: ``"sub": "user@example.com", "iat": 313435``
        # If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
        # an integer timestamp that is not in the past and no more than 1 hour in the
        # future.
        # If the JWT Claims Set does not contain an expiration time (`exp`) claim,
        # this claim is added automatically, with a timestamp that is 1 hour in the
        # future.
        # Corresponds to the JSON property `payload`
        # @return [String]
        attr_accessor :payload
@ -1708,19 +1718,15 @@ module Google
      class UndeleteServiceAccountResponse
        include Google::Apis::Core::Hashable
-        # A service account in the Identity and Access Management API.
+        # An IAM service account.
-        # To create a service account, specify the `project_id` and the `account_id`
+        # A service account is an account for an application or a virtual machine (VM)
-        # for the account.  The `account_id` is unique within the project, and is used
+        # instance, not a person. You can use a service account to call Google APIs. To
-        # to generate the service account email address and a stable
+        # learn more, read the [overview of service
-        # `unique_id`.
+        # accounts](https://cloud.google.com/iam/help/service-accounts/overview).
-        # If the account already exists, the account's resource name is returned
+        # When you create a service account, you specify the project ID that owns the
-        # in the format of projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`. The caller
+        # service account, as well as a name that must be unique within the project.
-        # can use the name in other methods to access the account.
+        # IAM uses these values to create an email address that identifies the service
-        # All other methods can identify the service account using the format
+        # account.
        # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
        # Using `-` as a wildcard for the `PROJECT_ID` will infer the project from
        # the account. The `ACCOUNT` value can be the `email` address or the
        # `unique_id` of the service account.
        # Corresponds to the JSON property `restoredAccount`
        # @return [Google::Apis::IamV1::ServiceAccount]
        attr_accessor :restored_account
--- a/generated/google/apis/iam_v1/service.rb
+++ b/generated/google/apis/iam_v1/service.rb
@ -49,16 +49,11 @@ module Google
          @batch_path = 'batch'
        end
-        # Lints a Cloud IAM policy object or its sub fields. Currently supports
+        # Lints, or validates, an IAM policy. Currently checks the
-        # google.iam.v1.Binding.condition.
+        # google.iam.v1.Binding.condition field, which contains a condition
-        # Each lint operation consists of multiple lint validation units.
+        # expression for a role binding.
-        # Each unit inspects the input object in regard to a particular linting
+        # Successful calls to this method always return an HTTP `200 OK` status code,
-        # aspect and issues a google.iam.admin.v1.LintResult disclosing the
+        # even if the linter detects an issue in the IAM policy.
        # result.
        # The set of applicable validation units is determined by the Cloud IAM
        # server and is not configurable.
        # Regardless of any lint issues or their severities, successful calls to
        # `lintPolicy` return an HTTP 200 OK status code.
        # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -88,8 +83,10 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Returns a list of services that support service level audit logging
+        # Returns a list of services that allow you to opt into audit logs that are
-        # configuration for the given resource.
+        # not generated by default.
        # To learn more about audit logs, see the [Logging
        # documentation](https://cloud.google.com/logging/docs/audit).
        # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -119,7 +116,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Creates a new Role.
+        # Creates a new custom Role.
        # @param [String] parent
        #   The `parent` parameter's value depends on the target resource for the
        #   request, namely
@ -169,13 +166,19 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Soft deletes a role. The role is suspended and cannot be used to create new
+        # Deletes a custom Role.
-        # IAM Policy Bindings.
+        # When you delete a custom role, the following changes occur immediately:
-        # The Role will not be included in `ListRoles()` unless `show_deleted` is set
+        # * You cannot bind a member to the custom role in an IAM
-        # in the `ListRolesRequest`. The Role contains the deleted boolean set.
+        # Policy.
-        # Existing Bindings remains, but are inactive. The Role can be undeleted
+        # * Existing bindings to the custom role are not changed, but they have no
-        # within 7 days. After 7 days the Role is deleted and all Bindings associated
+        # effect.
-        # with the role are removed.
+        # * By default, the response from ListRoles does not include the custom
        # role.
        # You have 7 days to undelete the custom role. After 7 days, the following
        # changes occur:
        # * The custom role is permanently deleted and cannot be recovered.
        # * If an IAM policy contains a binding to the custom role, the binding is
        # permanently removed.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -226,7 +229,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Gets a Role definition.
+        # Gets the definition of a Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -280,7 +283,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
        # that is defined for an organization or project.
        # @param [String] parent
        #   The `parent` parameter's value depends on the target resource for the
        #   request, namely
@ -348,7 +352,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Updates a Role definition.
+        # Updates the definition of a custom Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -402,7 +406,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Undelete a Role, bringing it back in its previous state.
+        # Undeletes a custom Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -454,8 +458,9 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists the permissions testable on a resource.
+        # Lists every permission that you can test on a resource. A permission is
-        # A permission is testable if it can be tested for an identity on a resource.
+        # testable if you can check whether a member has that permission on the
        # resource.
        # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -485,7 +490,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Creates a new Role.
+        # Creates a new custom Role.
        # @param [String] parent
        #   The `parent` parameter's value depends on the target resource for the
        #   request, namely
@ -535,13 +540,19 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Soft deletes a role. The role is suspended and cannot be used to create new
+        # Deletes a custom Role.
-        # IAM Policy Bindings.
+        # When you delete a custom role, the following changes occur immediately:
-        # The Role will not be included in `ListRoles()` unless `show_deleted` is set
+        # * You cannot bind a member to the custom role in an IAM
-        # in the `ListRolesRequest`. The Role contains the deleted boolean set.
+        # Policy.
-        # Existing Bindings remains, but are inactive. The Role can be undeleted
+        # * Existing bindings to the custom role are not changed, but they have no
-        # within 7 days. After 7 days the Role is deleted and all Bindings associated
+        # effect.
-        # with the role are removed.
+        # * By default, the response from ListRoles does not include the custom
        # role.
        # You have 7 days to undelete the custom role. After 7 days, the following
        # changes occur:
        # * The custom role is permanently deleted and cannot be recovered.
        # * If an IAM policy contains a binding to the custom role, the binding is
        # permanently removed.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -592,7 +603,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Gets a Role definition.
+        # Gets the definition of a Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -646,7 +657,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
        # that is defined for an organization or project.
        # @param [String] parent
        #   The `parent` parameter's value depends on the target resource for the
        #   request, namely
@ -714,7 +726,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Updates a Role definition.
+        # Updates the definition of a custom Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -768,7 +780,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Undelete a Role, bringing it back in its previous state.
+        # Undeletes a custom Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -820,8 +832,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Creates a ServiceAccount
+        # Creates a ServiceAccount.
        # and returns it.
        # @param [String] name
        #   Required. The resource name of the project associated with the service
        #   accounts, such as `projects/my-project-123`.
@ -856,6 +867,17 @@ module Google
        end
        # Deletes a ServiceAccount.
        # **Warning:** After you delete a service account, you might not be able to
        # undelete it. If you know that you need to re-enable the service account in
        # the future, use DisableServiceAccount instead.
        # If you delete a service account, IAM permanently removes the service
        # account 30 days later. Google Cloud cannot recover the service account
        # after it is permanently removed, even if you file a support request.
        # To help avoid unplanned outages, we recommend that you disable the service
        # account before you delete it. Use DisableServiceAccount to disable the
        # service account, then wait at least 24 hours and watch for unintended
        # consequences. If there are no unintended consequences, you can delete the
        # service account.
        # @param [String] name
        #   Required. The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -889,24 +911,19 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # DisableServiceAccount is currently in the alpha launch stage.
+        # Disables a ServiceAccount immediately.
-        # Disables a ServiceAccount,
+        # If an application uses the service account to authenticate, that
-        # which immediately prevents the service account from authenticating and
+        # application can no longer call Google APIs or access Google Cloud
-        # gaining access to APIs.
+        # resources. Existing access tokens for the service account are rejected, and
-        # Disabled service accounts can be safely restored by using
+        # requests for new access tokens will fail.
-        # EnableServiceAccount at any point. Deleted service accounts cannot be
+        # To re-enable the service account, use EnableServiceAccount. After you
-        # restored using this method.
+        # re-enable the service account, its existing access tokens will be accepted,
-        # Disabling a service account that is bound to VMs, Apps, Functions, or
+        # and you can request new access tokens.
-        # other jobs will cause those jobs to lose access to resources if they are
+        # To help avoid unplanned outages, we recommend that you disable the service
-        # using the disabled service account.
+        # account before you delete it. Use this method to disable the service
-        # Previously issued Access tokens for a service account will be rejected
+        # account, then wait at least 24 hours and watch for unintended consequences.
-        # while the service account is disabled but will start working again if the
+        # If there are no unintended consequences, you can delete the service account
-        # account is re-enabled. Issuance of new tokens will fail while the account
+        # with DeleteServiceAccount.
        # is disabled.
        # To improve reliability of your services and avoid unexpected outages, it
        # is recommended to first disable a service account rather than delete it.
        # After disabling the service account, wait at least 24 hours to verify there
        # are no unintended consequences, and then delete the service account.
        # @param [String] name
        #   The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -943,14 +960,12 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # EnableServiceAccount is currently in the alpha launch stage.
+        # Enables a ServiceAccount that was disabled by
-        # Restores a disabled ServiceAccount
+        # DisableServiceAccount.
-        # that has been manually disabled by using DisableServiceAccount. Service
+        # If the service account is already enabled, then this method has no effect.
-        # accounts that have been disabled by other means or for other reasons,
+        # If the service account was disabled by other means—for example, if Google
-        # such as abuse, cannot be restored using this method.
+        # disabled the service account because it was compromised—you cannot use this
-        # EnableServiceAccount will have no effect on a service account that is
+        # method to enable the service account.
        # not disabled.  Enabling an already enabled service account will have no
        # effect.
        # @param [String] name
        #   The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1021,19 +1036,15 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Returns the Cloud IAM access control policy for a
+        # Gets the IAM policy that is attached to a ServiceAccount. This IAM
-        # ServiceAccount.
+        # policy specifies which members have access to the service account.
-        # Note: Service accounts are both
+        # This method does not tell you whether the service account has been granted
-        # [resources and
+        # any roles on other resources. To check whether a service account has role
-        # identities](/iam/docs/service-accounts#service_account_permissions). This
+        # grants on a resource, use the `getIamPolicy` method for that resource. For
-        # method treats the service account as a resource. It returns the Cloud IAM
+        # example, to view the role grants for a project, call the Resource Manager
-        # policy that reflects what members have access to the service account.
+        # API's
-        # This method does not return what resources the service account has access
+        # [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/
-        # to. To see if a service account has access to a resource, call the
+        # rest/v1/projects/getIamPolicy)
        # `getIamPolicy` method on the target resource. For example, to view grants
        # for a project, call the
        # [projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/
        # getIamPolicy)
        # method.
        # @param [String] resource
        #   REQUIRED: The resource for which the policy is being requested.
@ -1076,7 +1087,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists ServiceAccounts for a project.
+        # Lists every ServiceAccount that belongs to a specific project.
        # @param [String] name
        #   Required. The resource name of the project associated with the service
        #   accounts, such as `projects/my-project-123`.
@ -1118,19 +1129,21 @@ module Google
        end
        # Patches a ServiceAccount.
        # Currently, only the following fields are updatable:
        # `display_name` and `description`.
        # Only fields specified in the request are guaranteed to be returned in
        # the response. Other fields in the response may be empty.
        # Note: The field mask is required.
        # @param [String] name
-        #   The resource name of the service account in the following format:
+        #   The resource name of the service account.
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   Use one of the following formats:
-        #   Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
-        #   project from the `account` and the `ACCOUNT` value can be the `email`
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
-        #   address or the `unique_id` of the service account.
+        #   As an alternative, you can use the `-` wildcard character instead of the
-        #   In responses the resource name will always be in the format
+        #   project ID:
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
        #   * `projects/-/serviceAccounts/`UNIQUE_ID``
        #   When possible, avoid using the `-` wildcard character, because it can cause
        #   response messages to contain misleading error codes. For example, if you
        #   try to get the service account
        #   `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
        #   response contains an HTTP `403 Forbidden` error instead of a `404 Not
        #   Found` error.
        # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -1161,21 +1174,20 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Sets the Cloud IAM access control policy for a
+        # Sets the IAM policy that is attached to a ServiceAccount.
-        # ServiceAccount.
+        # Use this method to grant or revoke access to the service account. For
-        # Note: Service accounts are both
+        # example, you could grant a member the ability to impersonate the service
-        # [resources and
+        # account.
-        # identities](/iam/docs/service-accounts#service_account_permissions). This
+        # This method does not enable the service account to access other resources.
-        # method treats the service account as a resource. Use it to grant members
+        # To grant roles to a service account on a resource, follow these steps:
-        # access to the service account, such as when they need to impersonate it.
+        # 1. Call the resource's `getIamPolicy` method to get its current IAM policy.
-        # This method does not grant the service account access to other resources,
+        # 2. Edit the policy so that it binds the service account to an IAM role for
-        # such as projects. To grant a service account access to resources, include
+        # the resource.
-        # the service account in the Cloud IAM policy for the desired resource, then
+        # 3. Call the resource's `setIamPolicy` method to update its IAM policy.
-        # call the appropriate `setIamPolicy` method on the target resource. For
+        # For detailed instructions, see
-        # example, to grant a service account access to a project, call the
+        # [Granting roles to a service account for specific
-        # [projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/
+        # resources](https://cloud.google.com/iam/help/service-accounts/granting-access-
-        # setIamPolicy)
+        # to-service-accounts).
        # method.
        # @param [String] resource
        #   REQUIRED: The resource for which the policy is being specified.
        #   See the operation documentation for the appropriate value for this field.
@ -1209,11 +1221,11 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # **Note**: This method is in the process of being deprecated. Call the
+        # **Note:** We are in the process of deprecating this method. Use the
-        # [`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/
+        # [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
-        # signBlob)
+        # serviceAccounts/signBlob)
-        # method of the Cloud IAM Service Account Credentials API instead.
+        # method in the IAM Service Account Credentials API instead.
-        # Signs a blob using a service account's system-managed private key.
+        # Signs a blob using the system-managed private key for a ServiceAccount.
        # @param [String] name
        #   Required. The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1250,14 +1262,12 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # **Note**: This method is in the process of being deprecated. Call the
+        # **Note:** We are in the process of deprecating this method. Use the
-        # [`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/
+        # [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.
-        # signJwt)
+        # serviceAccounts/signJwt)
-        # method of the Cloud IAM Service Account Credentials API instead.
+        # method in the IAM Service Account Credentials API instead.
-        # Signs a JWT using a service account's system-managed private key.
+        # Signs a JSON Web Token (JWT) using the system-managed private key for a
-        # If no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an
+        # ServiceAccount.
        # an expiry time of one hour by default. If you request an expiry time of
        # more than one hour, the request will fail.
        # @param [String] name
        #   Required. The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1294,8 +1304,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Tests the specified permissions against the IAM access control policy
+        # Tests whether the caller has the specified permissions on a
-        # for a ServiceAccount.
+        # ServiceAccount.
        # @param [String] resource
        #   REQUIRED: The resource for which the policy detail is being requested.
        #   See the operation documentation for the appropriate value for this field.
@ -1330,8 +1340,11 @@ module Google
        end
        # Restores a deleted ServiceAccount.
-        # This is to be used as an action of last resort.  A service account may
+        # **Important:** It is not always possible to restore a deleted service
-        # not always be restorable.
+        # account. Use this method only as a last resort.
        # After you delete a service account, IAM permanently removes the service
        # account 30 days later. There is no way to restore a deleted service account
        # that has been permanently removed.
        # @param [String] name
        #   The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``.
@ -1367,19 +1380,25 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Note: This method is in the process of being deprecated. Use
+        # **Note:** We are in the process of deprecating this method. Use
        # PatchServiceAccount instead.
        # Updates a ServiceAccount.
-        # Currently, only the following fields are updatable:
+        # You can update only the `display_name` and `description` fields.
        # `display_name` and `description`.
        # @param [String] name
-        #   The resource name of the service account in the following format:
+        #   The resource name of the service account.
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   Use one of the following formats:
-        #   Requests using `-` as a wildcard for the `PROJECT_ID` will infer the
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS``
-        #   project from the `account` and the `ACCOUNT` value can be the `email`
+        #   * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID``
-        #   address or the `unique_id` of the service account.
+        #   As an alternative, you can use the `-` wildcard character instead of the
-        #   In responses the resource name will always be in the format
+        #   project ID:
-        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
+        #   * `projects/-/serviceAccounts/`EMAIL_ADDRESS``
        #   * `projects/-/serviceAccounts/`UNIQUE_ID``
        #   When possible, avoid using the `-` wildcard character, because it can cause
        #   response messages to contain misleading error codes. For example, if you
        #   try to get the service account
        #   `projects/-/serviceAccounts/fake@example.com`, which does not exist, the
        #   response contains an HTTP `403 Forbidden` error instead of a `404 Not
        #   Found` error.
        # @param [Google::Apis::IamV1::ServiceAccount] service_account_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
@ -1410,8 +1429,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Creates a ServiceAccountKey
+        # Creates a ServiceAccountKey.
        # and returns it.
        # @param [String] name
        #   Required. The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1482,8 +1500,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Gets the ServiceAccountKey
+        # Gets a ServiceAccountKey.
        # by key id.
        # @param [String] name
        #   Required. The resource name of the service account key in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
@ -1521,7 +1538,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists ServiceAccountKeys.
+        # Lists every ServiceAccountKey for a service account.
        # @param [String] name
        #   Required. The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1560,10 +1577,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Upload public key for a given service account.
+        # Creates a ServiceAccountKey, using a public key that you provide.
        # This rpc will create a
        # ServiceAccountKey that has the
        # provided public key and returns it.
        # @param [String] name
        #   The resource name of the service account in the following format:
        #   `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``.
@ -1600,7 +1614,7 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Gets a Role definition.
+        # Gets the definition of a Role.
        # @param [String] name
        #   The `name` parameter's value depends on the target resource for the
        #   request, namely
@ -1654,7 +1668,8 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Lists the Roles defined on a resource.
+        # Lists every predefined Role that IAM supports, or every custom role
        # that is defined for an organization or project.
        # @param [Fixnum] page_size
        #   Optional limit on the number of roles to include in the response.
        # @param [String] page_token
@ -1722,9 +1737,9 @@ module Google
          execute_or_queue_command(command, &block)
        end
-        # Queries roles that can be granted on a particular resource.
+        # Lists roles that can be granted on a Google Cloud resource. A role is
-        # A role is grantable if it can be used as the role in a binding for a policy
+        # grantable if the IAM policy for the resource can contain bindings to the
-        # for that resource.
+        # role.
        # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object
        # @param [String] fields
        #   Selector specifying which fields to include in a partial response.
--- a/generated/google/apis/iamcredentials_v1.rb
+++ b/generated/google/apis/iamcredentials_v1.rb
@ -25,7 +25,7 @@ module Google
    # @see https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials
    module IamcredentialsV1
      VERSION = 'V1'
-      REVISION = '20200515'
+      REVISION = '20200605'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/iamcredentials_v1/classes.rb
+++ b/generated/google/apis/iamcredentials_v1/classes.rb
@ -247,9 +247,10 @@ module Google
        # Required. The JWT payload to sign. Must be a serialized JSON object that
        # contains a
-        # JWT Claim Set. For example: ``"sub": "user@example.com", "iat": 313435``
+        # JWT Claims Set. For example: ``"sub": "user@example.com", "iat": 313435``
-        # If the claim set contains an `exp` claim, it must be an integer timestamp
+        # If the JWT Claims Set contains an expiration time (`exp`) claim, it must be
-        # that is not in the past and at most 12 hours in the future.
+        # an integer timestamp that is not in the past and no more than 12 hours in
        # the future.
        # Corresponds to the JSON property `payload`
        # @return [String]
        attr_accessor :payload
--- a/generated/google/apis/monitoring_v1.rb
+++ b/generated/google/apis/monitoring_v1.rb
@ -29,7 +29,7 @@ module Google
    # @see https://cloud.google.com/monitoring/api/
    module MonitoringV1
      VERSION = 'V1'
-      REVISION = '20200405'
+      REVISION = '20200608'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/monitoring_v1/classes.rb
+++ b/generated/google/apis/monitoring_v1/classes.rb
@ -815,6 +815,36 @@ module Google
        end
      end
      # A filter that ranks streams based on their statistical relation to other
      # streams in a request. Note: This field is deprecated and completely ignored by
      # the API.
      class StatisticalTimeSeriesFilter
        include Google::Apis::Core::Hashable
        # How many time series to output.
        # Corresponds to the JSON property `numTimeSeries`
        # @return [Fixnum]
        attr_accessor :num_time_series
        # rankingMethod is applied to a set of time series, and then the produced value
        # for each individual time series is used to compare a given time series to
        # others. These are methods that cannot be applied stream-by-stream, but rather
        # require the full context of a request to evaluate time series.
        # Corresponds to the JSON property `rankingMethod`
        # @return [String]
        attr_accessor :ranking_method
        def initialize(**args)
           update!(**args)
        end
        # Update properties of this object
        def update!(**args)
          @num_time_series = args[:num_time_series] if args.key?(:num_time_series)
          @ranking_method = args[:ranking_method] if args.key?(:ranking_method)
        end
      end
      # A widget that displays textual content.
      class Text
        include Google::Apis::Core::Hashable
@ -950,6 +980,13 @@ module Google
        # @return [Google::Apis::MonitoringV1::Aggregation]
        attr_accessor :secondary_aggregation
        # A filter that ranks streams based on their statistical relation to other
        # streams in a request. Note: This field is deprecated and completely ignored by
        # the API.
        # Corresponds to the JSON property `statisticalTimeSeriesFilter`
        # @return [Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter]
        attr_accessor :statistical_time_series_filter
        def initialize(**args)
           update!(**args)
        end
@ -960,6 +997,7 @@ module Google
          @filter = args[:filter] if args.key?(:filter)
          @pick_time_series_filter = args[:pick_time_series_filter] if args.key?(:pick_time_series_filter)
          @secondary_aggregation = args[:secondary_aggregation] if args.key?(:secondary_aggregation)
          @statistical_time_series_filter = args[:statistical_time_series_filter] if args.key?(:statistical_time_series_filter)
        end
      end
@ -1016,6 +1054,13 @@ module Google
        # @return [Google::Apis::MonitoringV1::Aggregation]
        attr_accessor :secondary_aggregation
        # A filter that ranks streams based on their statistical relation to other
        # streams in a request. Note: This field is deprecated and completely ignored by
        # the API.
        # Corresponds to the JSON property `statisticalTimeSeriesFilter`
        # @return [Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter]
        attr_accessor :statistical_time_series_filter
        def initialize(**args)
           update!(**args)
        end
@ -1026,6 +1071,7 @@ module Google
          @numerator = args[:numerator] if args.key?(:numerator)
          @pick_time_series_filter = args[:pick_time_series_filter] if args.key?(:pick_time_series_filter)
          @secondary_aggregation = args[:secondary_aggregation] if args.key?(:secondary_aggregation)
          @statistical_time_series_filter = args[:statistical_time_series_filter] if args.key?(:statistical_time_series_filter)
        end
      end
--- a/generated/google/apis/monitoring_v1/representations.rb
+++ b/generated/google/apis/monitoring_v1/representations.rb
@ -154,6 +154,12 @@ module Google
        include Google::Apis::Core::JsonObjectSupport
      end
      class StatisticalTimeSeriesFilter
        class Representation < Google::Apis::Core::JsonRepresentation; end
        include Google::Apis::Core::JsonObjectSupport
      end
      class Text
        class Representation < Google::Apis::Core::JsonRepresentation; end
@ -405,6 +411,14 @@ module Google
        end
      end
      class StatisticalTimeSeriesFilter
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
          property :num_time_series, as: 'numTimeSeries'
          property :ranking_method, as: 'rankingMethod'
        end
      end
      class Text
        # @private
        class Representation < Google::Apis::Core::JsonRepresentation
@ -433,6 +447,8 @@ module Google
          property :secondary_aggregation, as: 'secondaryAggregation', class: Google::Apis::MonitoringV1::Aggregation, decorator: Google::Apis::MonitoringV1::Aggregation::Representation
          property :statistical_time_series_filter, as: 'statisticalTimeSeriesFilter', class: Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter, decorator: Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter::Representation
        end
      end
@ -447,6 +463,8 @@ module Google
          property :secondary_aggregation, as: 'secondaryAggregation', class: Google::Apis::MonitoringV1::Aggregation, decorator: Google::Apis::MonitoringV1::Aggregation::Representation
          property :statistical_time_series_filter, as: 'statisticalTimeSeriesFilter', class: Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter, decorator: Google::Apis::MonitoringV1::StatisticalTimeSeriesFilter::Representation
        end
      end
--- a/generated/google/apis/monitoring_v3.rb
+++ b/generated/google/apis/monitoring_v3.rb
@ -29,7 +29,7 @@ module Google
    # @see https://cloud.google.com/monitoring/api/
    module MonitoringV3
      VERSION = 'V3'
-      REVISION = '20200526'
+      REVISION = '20200608'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/monitoring_v3/classes.rb
+++ b/generated/google/apis/monitoring_v3/classes.rb
@ -1990,6 +1990,15 @@ module Google
        # @return [Array<Google::Apis::MonitoringV3::TimeSeries>]
        attr_accessor :time_series
        # The unit in which all time_series point values are reported. unit follows the
        # UCUM format for units as seen in https://unitsofmeasure.org/ucum.html. If
        # different time_series have different units (for example, because they come
        # from different metric types, or a unit is absent), then unit will be "`
        # not_a_unit`".
        # Corresponds to the JSON property `unit`
        # @return [String]
        attr_accessor :unit
        def initialize(**args)
           update!(**args)
        end
@ -1999,6 +2008,7 @@ module Google
          @execution_errors = args[:execution_errors] if args.key?(:execution_errors)
          @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
          @time_series = args[:time_series] if args.key?(:time_series)
          @unit = args[:unit] if args.key?(:unit)
        end
      end
--- a/generated/google/apis/monitoring_v3/representations.rb
+++ b/generated/google/apis/monitoring_v3/representations.rb
@ -1089,6 +1089,7 @@ module Google
          property :next_page_token, as: 'nextPageToken'
          collection :time_series, as: 'timeSeries', class: Google::Apis::MonitoringV3::TimeSeries, decorator: Google::Apis::MonitoringV3::TimeSeries::Representation
          property :unit, as: 'unit'
        end
      end
--- a/generated/google/apis/secretmanager_v1.rb
+++ b/generated/google/apis/secretmanager_v1.rb
@ -26,7 +26,7 @@ module Google
    # @see https://cloud.google.com/secret-manager/
    module SecretmanagerV1
      VERSION = 'V1'
-      REVISION = '20200508'
+      REVISION = '20200605'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/secretmanager_v1/classes.rb
+++ b/generated/google/apis/secretmanager_v1/classes.rb
@ -81,7 +81,7 @@ module Google
      # `
      # "audit_configs": [
      # `
-      # "service": "allServices"
+      # "service": "allServices",
      # "audit_log_configs": [
      # `
      # "log_type": "DATA_READ",
@ -90,18 +90,18 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `,
      # `
-      # "log_type": "ADMIN_READ",
+      # "log_type": "ADMIN_READ"
      # `
      # ]
      # `,
      # `
-      # "service": "sampleservice.googleapis.com"
+      # "service": "sampleservice.googleapis.com",
      # "audit_log_configs": [
      # `
-      # "log_type": "DATA_READ",
+      # "log_type": "DATA_READ"
      # `,
      # `
      # "log_type": "DATA_WRITE",
@ -153,7 +153,7 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `
      # ]
      # `
--- a/generated/google/apis/secretmanager_v1beta1.rb
+++ b/generated/google/apis/secretmanager_v1beta1.rb
@ -26,7 +26,7 @@ module Google
    # @see https://cloud.google.com/secret-manager/
    module SecretmanagerV1beta1
      VERSION = 'V1beta1'
-      REVISION = '20200508'
+      REVISION = '20200605'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/secretmanager_v1beta1/classes.rb
+++ b/generated/google/apis/secretmanager_v1beta1/classes.rb
@ -81,7 +81,7 @@ module Google
      # `
      # "audit_configs": [
      # `
-      # "service": "allServices"
+      # "service": "allServices",
      # "audit_log_configs": [
      # `
      # "log_type": "DATA_READ",
@ -90,18 +90,18 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `,
      # `
-      # "log_type": "ADMIN_READ",
+      # "log_type": "ADMIN_READ"
      # `
      # ]
      # `,
      # `
-      # "service": "sampleservice.googleapis.com"
+      # "service": "sampleservice.googleapis.com",
      # "audit_log_configs": [
      # `
-      # "log_type": "DATA_READ",
+      # "log_type": "DATA_READ"
      # `,
      # `
      # "log_type": "DATA_WRITE",
@ -153,7 +153,7 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `
      # ]
      # `
--- a/generated/google/apis/servicemanagement_v1.rb
+++ b/generated/google/apis/servicemanagement_v1.rb
@ -27,7 +27,7 @@ module Google
    # @see https://cloud.google.com/service-management/
    module ServicemanagementV1
      VERSION = 'V1'
-      REVISION = '20200515'
+      REVISION = '20200605'
      # View and manage your data across Google Cloud Platform services
      AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
--- a/generated/google/apis/servicemanagement_v1/classes.rb
+++ b/generated/google/apis/servicemanagement_v1/classes.rb
@ -135,7 +135,7 @@ module Google
      # `
      # "audit_configs": [
      # `
-      # "service": "allServices"
+      # "service": "allServices",
      # "audit_log_configs": [
      # `
      # "log_type": "DATA_READ",
@ -144,18 +144,18 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `,
      # `
-      # "log_type": "ADMIN_READ",
+      # "log_type": "ADMIN_READ"
      # `
      # ]
      # `,
      # `
-      # "service": "sampleservice.googleapis.com"
+      # "service": "sampleservice.googleapis.com",
      # "audit_log_configs": [
      # `
-      # "log_type": "DATA_READ",
+      # "log_type": "DATA_READ"
      # `,
      # `
      # "log_type": "DATA_WRITE",
@ -207,7 +207,7 @@ module Google
      # ]
      # `,
      # `
-      # "log_type": "DATA_WRITE",
+      # "log_type": "DATA_WRITE"
      # `
      # ]
      # `
@ -1438,11 +1438,6 @@ module Google
        attr_accessor :allow_cors
        alias_method :allow_cors?, :allow_cors
        # The list of features enabled on this endpoint.
        # Corresponds to the JSON property `features`
        # @return [Array<String>]
        attr_accessor :features
        # The canonical name of this endpoint.
        # Corresponds to the JSON property `name`
        # @return [String]
@ -1465,7 +1460,6 @@ module Google
        def update!(**args)
          @aliases = args[:aliases] if args.key?(:aliases)
          @allow_cors = args[:allow_cors] if args.key?(:allow_cors)
          @features = args[:features] if args.key?(:features)
          @name = args[:name] if args.key?(:name)
          @target = args[:target] if args.key?(:target)
        end
--- a/generated/google/apis/servicemanagement_v1/representations.rb
+++ b/generated/google/apis/servicemanagement_v1/representations.rb
@ -860,7 +860,6 @@ module Google
        class Representation < Google::Apis::Core::JsonRepresentation
          collection :aliases, as: 'aliases'
          property :allow_cors, as: 'allowCors'
          collection :features, as: 'features'
          property :name, as: 'name'
          property :target, as: 'target'
        end