diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
new file mode 100644
index 00000000000..913acf08d38
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
@@ -0,0 +1,3351 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Service definition for AccessContextManager (v1).
+ *
+ * <p>
+ * An API for setting attribute based access control to requests to GCP services.
+ * </p>
+ *
+ * <p>
+ * For more information about this service, see the
+ * <a href="https://cloud.google.com/access-context-manager/docs/reference/rest/" target="_blank">API Documentation</a>
+ * </p>
+ *
+ * <p>
+ * This service uses {@link AccessContextManagerRequestInitializer} to initialize global parameters via its
+ * {@link Builder}.
+ * </p>
+ *
+ * @since 1.3
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public class AccessContextManager extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient {
+
+  // Note: Leave this static initializer at the top of the file.
+  static {
+    com.google.api.client.util.Preconditions.checkState(
+        com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION == 1 &&
+        com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION >= 15,
+        "You are currently running with version %s of google-api-client. " +
+        "You need at least version 1.15 of google-api-client to run version " +
+        "1.26.0 of the Access Context Manager API library.", com.google.api.client.googleapis.GoogleUtils.VERSION);
+  }
+
+  /**
+   * The default encoded root URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_ROOT_URL = "https://accesscontextmanager.googleapis.com/";
+
+  /**
+   * The default encoded service path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_SERVICE_PATH = "";
+
+  /**
+   * The default encoded batch path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.23
+   */
+  public static final String DEFAULT_BATCH_PATH = "batch";
+
+  /**
+   * The default encoded base URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   */
+  public static final String DEFAULT_BASE_URL = DEFAULT_ROOT_URL + DEFAULT_SERVICE_PATH;
+
+  /**
+   * Constructor.
+   *
+   * <p>
+   * Use {@link Builder} if you need to specify any of the optional parameters.
+   * </p>
+   *
+   * @param transport HTTP transport, which should normally be:
+   *        <ul>
+   *        <li>Google App Engine:
+   *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+   *        <li>Android: {@code newCompatibleTransport} from
+   *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+   *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+   *        </li>
+   *        </ul>
+   * @param jsonFactory JSON factory, which may be:
+   *        <ul>
+   *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+   *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+   *        <li>Android Honeycomb or higher:
+   *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+   *        </ul>
+   * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+   * @since 1.7
+   */
+  public AccessContextManager(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+      com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+    this(new Builder(transport, jsonFactory, httpRequestInitializer));
+  }
+
+  /**
+   * @param builder builder
+   */
+  AccessContextManager(Builder builder) {
+    super(builder);
+  }
+
+  @Override
+  protected void initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest<?> httpClientRequest) throws java.io.IOException {
+    super.initialize(httpClientRequest);
+  }
+
+  /**
+   * An accessor for creating requests from the AccessPolicies collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.AccessPolicies.List request = accesscontextmanager.accessPolicies().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public AccessPolicies accessPolicies() {
+    return new AccessPolicies();
+  }
+
+  /**
+   * The "accessPolicies" collection of methods.
+   */
+  public class AccessPolicies {
+
+    /**
+     * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+     * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+     * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+     * BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.create".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+     *
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Create create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Create result = new Create(content);
+      initialize(result);
+      return result;
+    }
+
+    public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+       * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+       * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+       * BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.create".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+      }
+
+      @Override
+      public Create set$Xgafv(java.lang.String $Xgafv) {
+        return (Create) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Create setAccessToken(java.lang.String accessToken) {
+        return (Create) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Create setAlt(java.lang.String alt) {
+        return (Create) super.setAlt(alt);
+      }
+
+      @Override
+      public Create setCallback(java.lang.String callback) {
+        return (Create) super.setCallback(callback);
+      }
+
+      @Override
+      public Create setFields(java.lang.String fields) {
+        return (Create) super.setFields(fields);
+      }
+
+      @Override
+      public Create setKey(java.lang.String key) {
+        return (Create) super.setKey(key);
+      }
+
+      @Override
+      public Create setOauthToken(java.lang.String oauthToken) {
+        return (Create) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Create) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Create setQuotaUser(java.lang.String quotaUser) {
+        return (Create) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Create setUploadType(java.lang.String uploadType) {
+        return (Create) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Create setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Create) super.setUploadProtocol(uploadProtocol);
+      }
+
+      @Override
+      public Create set(String parameterName, Object value) {
+        return (Create) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful status
+     * once the AccessPolicy has been removed from long-lasting storage.
+     *
+     * Create a request for the method "accessPolicies.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful
+       * status once the AccessPolicy has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessPolicies.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to delete.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Get an AccessPolicy by name.
+     *
+     * Create a request for the method "accessPolicies.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessPolicy> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Get an AccessPolicy by name.
+       *
+       * Create a request for the method "accessPolicies.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to get.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * List all AccessPolicies under a container.
+     *
+     * Create a request for the method "accessPolicies.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @return the request
+     */
+    public List list() throws java.io.IOException {
+      List result = new List();
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * List all AccessPolicies under a container.
+       *
+       * Create a request for the method "accessPolicies.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @since 1.13
+       */
+      protected List() {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse.class);
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** Number of AccessPolicy instances to include in the list. Default 100.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+     results.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String parent;
+
+      /** Required. Resource name for the container to list AccessPolicy instances from.
+
+     Format: `organizations/{org_id}`
+       */
+      public java.lang.String getParent() {
+        return parent;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      public List setParent(java.lang.String parent) {
+        this.parent = parent;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+     * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and basic
+     * semantic errors will be returned in `metadata` as a BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.patch".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+     *
+     * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Patch result = new Patch(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+       * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and
+       * basic semantic errors will be returned in `metadata` as a BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.patch".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Patch set$Xgafv(java.lang.String $Xgafv) {
+        return (Patch) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Patch setAccessToken(java.lang.String accessToken) {
+        return (Patch) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Patch setAlt(java.lang.String alt) {
+        return (Patch) super.setAlt(alt);
+      }
+
+      @Override
+      public Patch setCallback(java.lang.String callback) {
+        return (Patch) super.setCallback(callback);
+      }
+
+      @Override
+      public Patch setFields(java.lang.String fields) {
+        return (Patch) super.setFields(fields);
+      }
+
+      @Override
+      public Patch setKey(java.lang.String key) {
+        return (Patch) super.setKey(key);
+      }
+
+      @Override
+      public Patch setOauthToken(java.lang.String oauthToken) {
+        return (Patch) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Patch) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Patch setQuotaUser(java.lang.String quotaUser) {
+        return (Patch) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Patch setUploadType(java.lang.String uploadType) {
+        return (Patch) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Patch) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public Patch setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      @com.google.api.client.util.Key
+      private String updateMask;
+
+      /** Required. Mask to control which fields get updated. Must be non-empty.
+       */
+      public String getUpdateMask() {
+        return updateMask;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      public Patch setUpdateMask(String updateMask) {
+        this.updateMask = updateMask;
+        return this;
+      }
+
+      @Override
+      public Patch set(String parameterName, Object value) {
+        return (Patch) super.set(parameterName, value);
+      }
+    }
+
+    /**
+     * An accessor for creating requests from the AccessLevels collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.AccessLevels.List request = accesscontextmanager.accessLevels().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public AccessLevels accessLevels() {
+      return new AccessLevels();
+    }
+
+    /**
+     * The "accessLevels" collection of methods.
+     */
+    public class AccessLevels {
+
+      /**
+       * Create an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+       * will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+         * will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Access Level.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Access Level has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessLevels.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+         * successful status once the Access Level has been removed from long-lasting storage.
+         *
+         * Create a request for the method "accessLevels.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Access Level by resource name.
+       *
+       * Create a request for the method "accessLevels.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessLevel> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Get an Access Level by resource name.
+         *
+         * Create a request for the method "accessLevels.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessLevel.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+       `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels` or
+       `CustomLevels` based on how they were created. If set to CEL, all Access Levels are returned as
+       `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent `CustomLevels`.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        public Get setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Access Levels for an access policy.
+       *
+       * Create a request for the method "accessLevels.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Access Levels for an access policy.
+         *
+         * Create a request for the method "accessLevels.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Access Levels from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression language, as `CustomLevels`, rather
+       than as `BasicLevels`. Defaults to returning `AccessLevels` in the format they were defined.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        public List setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Access Levels to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Access Level instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Update an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level. The `short_name` component must begin with a letter
+       and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+    /**
+     * An accessor for creating requests from the ServicePerimeters collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.ServicePerimeters.List request = accesscontextmanager.servicePerimeters().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public ServicePerimeters servicePerimeters() {
+      return new ServicePerimeters();
+    }
+
+    /**
+     * The "servicePerimeters" collection of methods.
+     */
+    public class ServicePerimeters {
+
+      /**
+       * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "servicePerimeters.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Service Perimeter has been removed from long-lasting storage.
+       *
+       * Create a request for the method "servicePerimeters.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have
+         * a successful status once the Service Perimeter has been removed from long-lasting storage.
+         *
+         * Create a request for the method "servicePerimeters.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Service Perimeter by resource name.
+       *
+       * Create a request for the method "servicePerimeters.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Get an Service Perimeter by resource name.
+         *
+         * Create a request for the method "servicePerimeters.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Service Perimeters for an access policy.
+       *
+       * Create a request for the method "servicePerimeters.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Service Perimeters for an access policy.
+         *
+         * Create a request for the method "servicePerimeters.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Service Perimeters from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Service Perimeters to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Service Perimeter instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the changes to the Service Perimeter have propagated to long-lasting storage. Service
+       * Perimeter containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the changes to the Service Perimeter have propagated to long-lasting storage.
+         * Service Perimeter containing errors will result in an error response for the first error
+         * encountered.
+         *
+         * Create a request for the method "servicePerimeters.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+       letter and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required. Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+  }
+
+  /**
+   * An accessor for creating requests from the Operations collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.Operations.List request = accesscontextmanager.operations().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public Operations operations() {
+    return new Operations();
+  }
+
+  /**
+   * The "operations" collection of methods.
+   */
+  public class Operations {
+
+    /**
+     * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort to
+     * cancel the operation, but success is not guaranteed.  If the server doesn't support this method,
+     * it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or other
+     * methods to check whether the cancellation succeeded or whether the operation completed despite
+     * cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an
+     * operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to
+     * `Code.CANCELLED`.
+     *
+     * Create a request for the method "operations.cancel".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Cancel#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be cancelled.
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+     * @return the request
+     */
+    public Cancel cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) throws java.io.IOException {
+      Cancel result = new Cancel(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Cancel extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}:cancel";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort
+       * to cancel the operation, but success is not guaranteed.  If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or
+       * other methods to check whether the cancellation succeeded or whether the operation completed
+       * despite cancellation. On successful cancellation, the operation is not deleted; instead, it
+       * becomes an operation with an Operation.error value with a google.rpc.Status.code of 1,
+       * corresponding to `Code.CANCELLED`.
+       *
+       * Create a request for the method "operations.cancel".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Cancel#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Cancel#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be cancelled.
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+       * @since 1.13
+       */
+      protected Cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Cancel set$Xgafv(java.lang.String $Xgafv) {
+        return (Cancel) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Cancel setAccessToken(java.lang.String accessToken) {
+        return (Cancel) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Cancel setAlt(java.lang.String alt) {
+        return (Cancel) super.setAlt(alt);
+      }
+
+      @Override
+      public Cancel setCallback(java.lang.String callback) {
+        return (Cancel) super.setCallback(callback);
+      }
+
+      @Override
+      public Cancel setFields(java.lang.String fields) {
+        return (Cancel) super.setFields(fields);
+      }
+
+      @Override
+      public Cancel setKey(java.lang.String key) {
+        return (Cancel) super.setKey(key);
+      }
+
+      @Override
+      public Cancel setOauthToken(java.lang.String oauthToken) {
+        return (Cancel) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Cancel setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Cancel) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Cancel setQuotaUser(java.lang.String quotaUser) {
+        return (Cancel) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Cancel setUploadType(java.lang.String uploadType) {
+        return (Cancel) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Cancel setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Cancel) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be cancelled.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      public Cancel setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Cancel set(String parameterName, Object value) {
+        return (Cancel) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Deletes a long-running operation. This method indicates that the client is no longer interested
+     * in the operation result. It does not cancel the operation. If the server doesn't support this
+     * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+     *
+     * Create a request for the method "operations.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be deleted.
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Deletes a long-running operation. This method indicates that the client is no longer interested
+       * in the operation result. It does not cancel the operation. If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+       *
+       * Create a request for the method "operations.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be deleted.
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be deleted. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be deleted.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be deleted. */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+     * operation result at intervals as recommended by the API service.
+     *
+     * Create a request for the method "operations.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource.
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+       * operation result at intervals as recommended by the API service.
+       *
+       * Create a request for the method "operations.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource.
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource. */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Lists operations that match the specified filter in the request. If the server doesn't support
+     * this method, it returns `UNIMPLEMENTED`.
+     *
+     * NOTE: the `name` binding allows API services to override the binding to use different resource
+     * name schemes, such as `users/operations`. To override the binding, API services can add a binding
+     * such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+     * compatibility, the default name includes the operations collection id, however overriding users
+     * must ensure the name binding is the parent resource, without the operations collection id.
+     *
+     * Create a request for the method "operations.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation's parent resource.
+     * @return the request
+     */
+    public List list(java.lang.String name) throws java.io.IOException {
+      List result = new List(name);
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations$");
+
+      /**
+       * Lists operations that match the specified filter in the request. If the server doesn't support
+       * this method, it returns `UNIMPLEMENTED`.
+       *
+       * NOTE: the `name` binding allows API services to override the binding to use different resource
+       * name schemes, such as `users/operations`. To override the binding, API services can add a
+       * binding such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+       * compatibility, the default name includes the operations collection id, however overriding users
+       * must ensure the name binding is the parent resource, without the operations collection id.
+       *
+       * Create a request for the method "operations.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation's parent resource.
+       * @since 1.13
+       */
+      protected List(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation's parent resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation's parent resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation's parent resource. */
+      public List setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** The standard list filter. */
+      @com.google.api.client.util.Key
+      private java.lang.String filter;
+
+      /** The standard list filter.
+       */
+      public java.lang.String getFilter() {
+        return filter;
+      }
+
+      /** The standard list filter. */
+      public List setFilter(java.lang.String filter) {
+        this.filter = filter;
+        return this;
+      }
+
+      /** The standard list page size. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** The standard list page size.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** The standard list page size. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /** The standard list page token. */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** The standard list page token.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /** The standard list page token. */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+
+  }
+
+  /**
+   * Builder for {@link AccessContextManager}.
+   *
+   * <p>
+   * Implementation is not thread-safe.
+   * </p>
+   *
+   * @since 1.3.0
+   */
+  public static final class Builder extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient.Builder {
+
+    /**
+     * Returns an instance of a new builder.
+     *
+     * @param transport HTTP transport, which should normally be:
+     *        <ul>
+     *        <li>Google App Engine:
+     *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+     *        <li>Android: {@code newCompatibleTransport} from
+     *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+     *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+     *        </li>
+     *        </ul>
+     * @param jsonFactory JSON factory, which may be:
+     *        <ul>
+     *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+     *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+     *        <li>Android Honeycomb or higher:
+     *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+     *        </ul>
+     * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+     * @since 1.7
+     */
+    public Builder(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+        com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      super(
+          transport,
+          jsonFactory,
+          DEFAULT_ROOT_URL,
+          DEFAULT_SERVICE_PATH,
+          httpRequestInitializer,
+          false);
+      setBatchPath(DEFAULT_BATCH_PATH);
+    }
+
+    /** Builds a new instance of {@link AccessContextManager}. */
+    @Override
+    public AccessContextManager build() {
+      return new AccessContextManager(this);
+    }
+
+    @Override
+    public Builder setRootUrl(String rootUrl) {
+      return (Builder) super.setRootUrl(rootUrl);
+    }
+
+    @Override
+    public Builder setServicePath(String servicePath) {
+      return (Builder) super.setServicePath(servicePath);
+    }
+
+    @Override
+    public Builder setBatchPath(String batchPath) {
+      return (Builder) super.setBatchPath(batchPath);
+    }
+
+    @Override
+    public Builder setHttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      return (Builder) super.setHttpRequestInitializer(httpRequestInitializer);
+    }
+
+    @Override
+    public Builder setApplicationName(String applicationName) {
+      return (Builder) super.setApplicationName(applicationName);
+    }
+
+    @Override
+    public Builder setSuppressPatternChecks(boolean suppressPatternChecks) {
+      return (Builder) super.setSuppressPatternChecks(suppressPatternChecks);
+    }
+
+    @Override
+    public Builder setSuppressRequiredParameterChecks(boolean suppressRequiredParameterChecks) {
+      return (Builder) super.setSuppressRequiredParameterChecks(suppressRequiredParameterChecks);
+    }
+
+    @Override
+    public Builder setSuppressAllChecks(boolean suppressAllChecks) {
+      return (Builder) super.setSuppressAllChecks(suppressAllChecks);
+    }
+
+    /**
+     * Set the {@link AccessContextManagerRequestInitializer}.
+     *
+     * @since 1.12
+     */
+    public Builder setAccessContextManagerRequestInitializer(
+        AccessContextManagerRequestInitializer accesscontextmanagerRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(accesscontextmanagerRequestInitializer);
+    }
+
+    @Override
+    public Builder setGoogleClientRequestInitializer(
+        com.google.api.client.googleapis.services.GoogleClientRequestInitializer googleClientRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(googleClientRequestInitializer);
+    }
+  }
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
new file mode 100644
index 00000000000..bd9642ba468
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request.
+ *
+ * @since 1.3
+ */
+@SuppressWarnings("javadoc")
+public abstract class AccessContextManagerRequest<T> extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<T> {
+
+  /**
+   * @param client Google client
+   * @param method HTTP Method
+   * @param uriTemplate URI template for the path relative to the base URL. If it starts with a "/"
+   *        the base path from the base URL will be stripped out. The URI template can also be a
+   *        full URL. URI template expansion is done using
+   *        {@link com.google.api.client.http.UriTemplate#expand(String, String, Object, boolean)}
+   * @param content A POJO that can be serialized into JSON or {@code null} for none
+   * @param responseClass response class to parse into
+   */
+  public AccessContextManagerRequest(
+      AccessContextManager client, String method, String uriTemplate, Object content, Class<T> responseClass) {
+    super(
+        client,
+        method,
+        uriTemplate,
+        content,
+        responseClass);
+  }
+
+  /** V1 error format. */
+  @com.google.api.client.util.Key("$.xgafv")
+  private java.lang.String $Xgafv;
+
+  /**
+   * V1 error format.
+   */
+  public java.lang.String get$Xgafv() {
+    return $Xgafv;
+  }
+
+  /** V1 error format. */
+  public AccessContextManagerRequest<T> set$Xgafv(java.lang.String $Xgafv) {
+    this.$Xgafv = $Xgafv;
+    return this;
+  }
+
+  /** OAuth access token. */
+  @com.google.api.client.util.Key("access_token")
+  private java.lang.String accessToken;
+
+  /**
+   * OAuth access token.
+   */
+  public java.lang.String getAccessToken() {
+    return accessToken;
+  }
+
+  /** OAuth access token. */
+  public AccessContextManagerRequest<T> setAccessToken(java.lang.String accessToken) {
+    this.accessToken = accessToken;
+    return this;
+  }
+
+  /** Data format for response. */
+  @com.google.api.client.util.Key
+  private java.lang.String alt;
+
+  /**
+   * Data format for response. [default: json]
+   */
+  public java.lang.String getAlt() {
+    return alt;
+  }
+
+  /** Data format for response. */
+  public AccessContextManagerRequest<T> setAlt(java.lang.String alt) {
+    this.alt = alt;
+    return this;
+  }
+
+  /** JSONP */
+  @com.google.api.client.util.Key
+  private java.lang.String callback;
+
+  /**
+   * JSONP
+   */
+  public java.lang.String getCallback() {
+    return callback;
+  }
+
+  /** JSONP */
+  public AccessContextManagerRequest<T> setCallback(java.lang.String callback) {
+    this.callback = callback;
+    return this;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  @com.google.api.client.util.Key
+  private java.lang.String fields;
+
+  /**
+   * Selector specifying which fields to include in a partial response.
+   */
+  public java.lang.String getFields() {
+    return fields;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  public AccessContextManagerRequest<T> setFields(java.lang.String fields) {
+    this.fields = fields;
+    return this;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String key;
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public java.lang.String getKey() {
+    return key;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public AccessContextManagerRequest<T> setKey(java.lang.String key) {
+    this.key = key;
+    return this;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  @com.google.api.client.util.Key("oauth_token")
+  private java.lang.String oauthToken;
+
+  /**
+   * OAuth 2.0 token for the current user.
+   */
+  public java.lang.String getOauthToken() {
+    return oauthToken;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  public AccessContextManagerRequest<T> setOauthToken(java.lang.String oauthToken) {
+    this.oauthToken = oauthToken;
+    return this;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean prettyPrint;
+
+  /**
+   * Returns response with indentations and line breaks. [default: true]
+   */
+  public java.lang.Boolean getPrettyPrint() {
+    return prettyPrint;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  public AccessContextManagerRequest<T> setPrettyPrint(java.lang.Boolean prettyPrint) {
+    this.prettyPrint = prettyPrint;
+    return this;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String quotaUser;
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public java.lang.String getQuotaUser() {
+    return quotaUser;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public AccessContextManagerRequest<T> setQuotaUser(java.lang.String quotaUser) {
+    this.quotaUser = quotaUser;
+    return this;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  @com.google.api.client.util.Key
+  private java.lang.String uploadType;
+
+  /**
+   * Legacy upload protocol for media (e.g. "media", "multipart").
+   */
+  public java.lang.String getUploadType() {
+    return uploadType;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadType(java.lang.String uploadType) {
+    this.uploadType = uploadType;
+    return this;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  @com.google.api.client.util.Key("upload_protocol")
+  private java.lang.String uploadProtocol;
+
+  /**
+   * Upload protocol for media (e.g. "raw", "multipart").
+   */
+  public java.lang.String getUploadProtocol() {
+    return uploadProtocol;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadProtocol(java.lang.String uploadProtocol) {
+    this.uploadProtocol = uploadProtocol;
+    return this;
+  }
+
+  @Override
+  public final AccessContextManager getAbstractGoogleClient() {
+    return (AccessContextManager) super.getAbstractGoogleClient();
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setDisableGZipContent(boolean disableGZipContent) {
+    return (AccessContextManagerRequest<T>) super.setDisableGZipContent(disableGZipContent);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setRequestHeaders(com.google.api.client.http.HttpHeaders headers) {
+    return (AccessContextManagerRequest<T>) super.setRequestHeaders(headers);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> set(String parameterName, Object value) {
+    return (AccessContextManagerRequest<T>) super.set(parameterName, value);
+  }
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
new file mode 100644
index 00000000000..72585d9e6e6
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request initializer for setting properties like key and userIp.
+ *
+ * <p>
+ * The simplest usage is to use it to set the key parameter:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer KEY_INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY);
+ * </pre>
+ *
+ * <p>
+ * There is also a constructor to set both the key and userIp parameters:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY, USER_IP);
+ * </pre>
+ *
+ * <p>
+ * If you want to implement custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer extends AccessContextManagerRequestInitializer {
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Finally, to set the key and userIp parameters and insert custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer2 extends AccessContextManagerRequestInitializer {
+
+    public MyKeyRequestInitializer() {
+      super(KEY, USER_IP);
+    }
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Subclasses should be thread-safe.
+ * </p>
+ *
+ * @since 1.12
+ */
+public class AccessContextManagerRequestInitializer extends com.google.api.client.googleapis.services.json.CommonGoogleJsonClientRequestInitializer {
+
+  public AccessContextManagerRequestInitializer() {
+    super();
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key) {
+    super(key);
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   * @param userIp user IP or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key, String userIp) {
+    super(key, userIp);
+  }
+
+  @Override
+  public final void initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<?> request) throws java.io.IOException {
+    super.initializeJsonRequest(request);
+    initializeAccessContextManagerRequest((AccessContextManagerRequest<?>) request);
+  }
+
+  /**
+   * Initializes AccessContextManager request.
+   *
+   * <p>
+   * Default implementation does nothing. Called from
+   * {@link #initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest)}.
+   * </p>
+   *
+   * @throws java.io.IOException I/O exception
+   */
+  protected void initializeAccessContextManagerRequest(AccessContextManagerRequest<?> request) throws java.io.IOException {
+  }
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
new file mode 100644
index 00000000000..a24cc91248f
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Available OAuth 2.0 scopes for use with the Access Context Manager API.
+ *
+ * @since 1.4
+ */
+public class AccessContextManagerScopes {
+
+  /** View and manage your data across Google Cloud Platform services. */
+  public static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
+  /**
+   * Returns an unmodifiable set that contains all scopes declared by this class.
+   *
+   * @since 1.16
+   */
+  public static java.util.Set<String> all() {
+    java.util.Set<String> set = new java.util.HashSet<String>();
+    set.add(CLOUD_PLATFORM);
+    return java.util.Collections.unmodifiableSet(set);
+  }
+
+  private AccessContextManagerScopes() {
+  }
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
new file mode 100644
index 00000000000..e114803aaef
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
@@ -0,0 +1,194 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * An `AccessLevel` is a label that can be applied to requests to GCP services, along with a list of
+ * requirements necessary for the label to be applied.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private BasicLevel basic;
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @return value or {@code null} for none
+   */
+  public BasicLevel getBasic() {
+    return basic;
+  }
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @param basic basic or {@code null} for none
+   */
+  public AccessLevel setBasic(BasicLevel basic) {
+    this.basic = basic;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessLevel setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public AccessLevel setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public AccessLevel setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public AccessLevel setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessLevel setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessLevel set(String fieldName, Object value) {
+    return (AccessLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessLevel clone() {
+    return (AccessLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
new file mode 100644
index 00000000000..6efa50a0759
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
@@ -0,0 +1,169 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use
+ * GCP services) and `ServicePerimeters` (which define regions of services able to freely pass data
+ * within a perimeter). An access policy is globally visible within an organization, and the
+ * restrictions it specifies apply to all projects within an organization.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessPolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String parent;
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessPolicy setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @param name name or {@code null} for none
+   */
+  public AccessPolicy setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getParent() {
+    return parent;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @param parent parent or {@code null} for none
+   */
+  public AccessPolicy setParent(java.lang.String parent) {
+    this.parent = parent;
+    return this;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @param title title or {@code null} for none
+   */
+  public AccessPolicy setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessPolicy setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessPolicy set(String fieldName, Object value) {
+    return (AccessPolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessPolicy clone() {
+    return (AccessPolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
new file mode 100644
index 00000000000..061db767856
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `BasicLevel` is an `AccessLevel` using a set of recommended features.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class BasicLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String combiningFunction;
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Condition> conditions;
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getCombiningFunction() {
+    return combiningFunction;
+  }
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @param combiningFunction combiningFunction or {@code null} for none
+   */
+  public BasicLevel setCombiningFunction(java.lang.String combiningFunction) {
+    this.combiningFunction = combiningFunction;
+    return this;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Condition> getConditions() {
+    return conditions;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @param conditions conditions or {@code null} for none
+   */
+  public BasicLevel setConditions(java.util.List<Condition> conditions) {
+    this.conditions = conditions;
+    return this;
+  }
+
+  @Override
+  public BasicLevel set(String fieldName, Object value) {
+    return (BasicLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public BasicLevel clone() {
+    return (BasicLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
new file mode 100644
index 00000000000..8c5f4c2a21d
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The request message for Operations.CancelOperation.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class CancelOperationRequest extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public CancelOperationRequest set(String fieldName, Object value) {
+    return (CancelOperationRequest) super.set(fieldName, value);
+  }
+
+  @Override
+  public CancelOperationRequest clone() {
+    return (CancelOperationRequest) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
new file mode 100644
index 00000000000..dcca9056144
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its
+ * fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2)
+ * the originating device complies with the listed device policy AND 3) all listed access levels are
+ * granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Condition extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private DevicePolicy devicePolicy;
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> ipSubnetworks;
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> members;
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean negate;
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> requiredAccessLevels;
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @return value or {@code null} for none
+   */
+  public DevicePolicy getDevicePolicy() {
+    return devicePolicy;
+  }
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @param devicePolicy devicePolicy or {@code null} for none
+   */
+  public Condition setDevicePolicy(DevicePolicy devicePolicy) {
+    this.devicePolicy = devicePolicy;
+    return this;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getIpSubnetworks() {
+    return ipSubnetworks;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @param ipSubnetworks ipSubnetworks or {@code null} for none
+   */
+  public Condition setIpSubnetworks(java.util.List<java.lang.String> ipSubnetworks) {
+    this.ipSubnetworks = ipSubnetworks;
+    return this;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getMembers() {
+    return members;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @param members members or {@code null} for none
+   */
+  public Condition setMembers(java.util.List<java.lang.String> members) {
+    this.members = members;
+    return this;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getNegate() {
+    return negate;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @param negate negate or {@code null} for none
+   */
+  public Condition setNegate(java.lang.Boolean negate) {
+    this.negate = negate;
+    return this;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRequiredAccessLevels() {
+    return requiredAccessLevels;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @param requiredAccessLevels requiredAccessLevels or {@code null} for none
+   */
+  public Condition setRequiredAccessLevels(java.util.List<java.lang.String> requiredAccessLevels) {
+    this.requiredAccessLevels = requiredAccessLevels;
+    return this;
+  }
+
+  @Override
+  public Condition set(String fieldName, Object value) {
+    return (Condition) super.set(fieldName, value);
+  }
+
+  @Override
+  public Condition clone() {
+    return (Condition) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
new file mode 100644
index 00000000000..b1dc97483f0
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `DevicePolicy` specifies device specific restrictions necessary to acquire a given access level.
+ * A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it
+ * does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified
+ * fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For
+ * example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status:
+ * ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux
+ * desktops and encrypted Windows desktops.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class DevicePolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedDeviceManagementLevels;
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedEncryptionStatuses;
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<OsConstraint> osConstraints;
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean requireScreenlock;
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedDeviceManagementLevels() {
+    return allowedDeviceManagementLevels;
+  }
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @param allowedDeviceManagementLevels allowedDeviceManagementLevels or {@code null} for none
+   */
+  public DevicePolicy setAllowedDeviceManagementLevels(java.util.List<java.lang.String> allowedDeviceManagementLevels) {
+    this.allowedDeviceManagementLevels = allowedDeviceManagementLevels;
+    return this;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedEncryptionStatuses() {
+    return allowedEncryptionStatuses;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @param allowedEncryptionStatuses allowedEncryptionStatuses or {@code null} for none
+   */
+  public DevicePolicy setAllowedEncryptionStatuses(java.util.List<java.lang.String> allowedEncryptionStatuses) {
+    this.allowedEncryptionStatuses = allowedEncryptionStatuses;
+    return this;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<OsConstraint> getOsConstraints() {
+    return osConstraints;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @param osConstraints osConstraints or {@code null} for none
+   */
+  public DevicePolicy setOsConstraints(java.util.List<OsConstraint> osConstraints) {
+    this.osConstraints = osConstraints;
+    return this;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getRequireScreenlock() {
+    return requireScreenlock;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @param requireScreenlock requireScreenlock or {@code null} for none
+   */
+  public DevicePolicy setRequireScreenlock(java.lang.Boolean requireScreenlock) {
+    this.requireScreenlock = requireScreenlock;
+    return this;
+  }
+
+  @Override
+  public DevicePolicy set(String fieldName, Object value) {
+    return (DevicePolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public DevicePolicy clone() {
+    return (DevicePolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
new file mode 100644
index 00000000000..06e257a53ec
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A generic empty message that you can re-use to avoid defining duplicated empty messages in your
+ * APIs. A typical example is to use it as the request or the response type of an API method. For
+ * instance:
+ *
+ *     service Foo {       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);     }
+ *
+ * The JSON representation for `Empty` is empty JSON object `{}`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Empty extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public Empty set(String fieldName, Object value) {
+    return (Empty) super.set(fieldName, value);
+  }
+
+  @Override
+  public Empty clone() {
+    return (Empty) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
new file mode 100644
index 00000000000..2d1a52a0e16
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessLevelsRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessLevelsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the Access Level instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessLevel> accessLevels;
+
+  static {
+    // hack to force ProGuard to consider AccessLevel used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessLevel.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Access Level instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessLevel> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * List of the Access Level instances.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ListAccessLevelsResponse setAccessLevels(java.util.List<AccessLevel> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessLevelsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessLevelsResponse set(String fieldName, Object value) {
+    return (ListAccessLevelsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessLevelsResponse clone() {
+    return (ListAccessLevelsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
new file mode 100644
index 00000000000..ef181c0d354
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessPoliciesRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessPoliciesResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the AccessPolicy instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessPolicy> accessPolicies;
+
+  static {
+    // hack to force ProGuard to consider AccessPolicy used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessPolicy.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the AccessPolicy instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessPolicy> getAccessPolicies() {
+    return accessPolicies;
+  }
+
+  /**
+   * List of the AccessPolicy instances.
+   * @param accessPolicies accessPolicies or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setAccessPolicies(java.util.List<AccessPolicy> accessPolicies) {
+    this.accessPolicies = accessPolicies;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessPoliciesResponse set(String fieldName, Object value) {
+    return (ListAccessPoliciesResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessPoliciesResponse clone() {
+    return (ListAccessPoliciesResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
new file mode 100644
index 00000000000..c7d23609cff
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The response message for Operations.ListOperations.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListOperationsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The standard List next-page token.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Operation> operations;
+
+  /**
+   * The standard List next-page token.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The standard List next-page token.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListOperationsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Operation> getOperations() {
+    return operations;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @param operations operations or {@code null} for none
+   */
+  public ListOperationsResponse setOperations(java.util.List<Operation> operations) {
+    this.operations = operations;
+    return this;
+  }
+
+  @Override
+  public ListOperationsResponse set(String fieldName, Object value) {
+    return (ListOperationsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListOperationsResponse clone() {
+    return (ListOperationsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
new file mode 100644
index 00000000000..9071e1ef6b6
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListServicePerimetersRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListServicePerimetersResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Service Perimeter instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<ServicePerimeter> servicePerimeters;
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListServicePerimetersResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<ServicePerimeter> getServicePerimeters() {
+    return servicePerimeters;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @param servicePerimeters servicePerimeters or {@code null} for none
+   */
+  public ListServicePerimetersResponse setServicePerimeters(java.util.List<ServicePerimeter> servicePerimeters) {
+    this.servicePerimeters = servicePerimeters;
+    return this;
+  }
+
+  @Override
+  public ListServicePerimetersResponse set(String fieldName, Object value) {
+    return (ListServicePerimetersResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListServicePerimetersResponse clone() {
+    return (ListServicePerimetersResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
new file mode 100644
index 00000000000..7dc4533df21
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * This resource represents a long-running operation that is the result of a network API call.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Operation extends com.google.api.client.json.GenericJson {
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean done;
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private Status error;
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> metadata;
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> response;
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getDone() {
+    return done;
+  }
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @param done done or {@code null} for none
+   */
+  public Operation setDone(java.lang.Boolean done) {
+    this.done = done;
+    return this;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @return value or {@code null} for none
+   */
+  public Status getError() {
+    return error;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @param error error or {@code null} for none
+   */
+  public Operation setError(Status error) {
+    this.error = error;
+    return this;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getMetadata() {
+    return metadata;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @param metadata metadata or {@code null} for none
+   */
+  public Operation setMetadata(java.util.Map<String, java.lang.Object> metadata) {
+    this.metadata = metadata;
+    return this;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @param name name or {@code null} for none
+   */
+  public Operation setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getResponse() {
+    return response;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @param response response or {@code null} for none
+   */
+  public Operation setResponse(java.util.Map<String, java.lang.Object> response) {
+    this.response = response;
+    return this;
+  }
+
+  @Override
+  public Operation set(String fieldName, Object value) {
+    return (Operation) super.set(fieldName, value);
+  }
+
+  @Override
+  public Operation clone() {
+    return (Operation) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
new file mode 100644
index 00000000000..db6ef9f2889
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A restriction on the OS type and version of devices making requests.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class OsConstraint extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String minimumVersion;
+
+  /**
+   * Required. The allowed OS type.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String osType;
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMinimumVersion() {
+    return minimumVersion;
+  }
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @param minimumVersion minimumVersion or {@code null} for none
+   */
+  public OsConstraint setMinimumVersion(java.lang.String minimumVersion) {
+    this.minimumVersion = minimumVersion;
+    return this;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getOsType() {
+    return osType;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @param osType osType or {@code null} for none
+   */
+  public OsConstraint setOsType(java.lang.String osType) {
+    this.osType = osType;
+    return this;
+  }
+
+  @Override
+  public OsConstraint set(String fieldName, Object value) {
+    return (OsConstraint) super.set(fieldName, value);
+  }
+
+  @Override
+  public OsConstraint clone() {
+    return (OsConstraint) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
new file mode 100644
index 00000000000..17c2c7a3a29
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
@@ -0,0 +1,235 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeter` describes a set of GCP resources which can freely import and export data
+ * amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source
+ * within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will
+ * be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular
+ * and Bridge. Regular Service Perimeters cannot overlap, a single GCP project can only belong to a
+ * single regular Service Perimeter. Service Perimeter Bridges can contain only GCP projects as
+ * members, a single GCP project may belong to multiple Service Perimeter Bridges.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeter extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String perimeterType;
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private ServicePerimeterConfig status;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public ServicePerimeter setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public ServicePerimeter setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public ServicePerimeter setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getPerimeterType() {
+    return perimeterType;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @param perimeterType perimeterType or {@code null} for none
+   */
+  public ServicePerimeter setPerimeterType(java.lang.String perimeterType) {
+    this.perimeterType = perimeterType;
+    return this;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @return value or {@code null} for none
+   */
+  public ServicePerimeterConfig getStatus() {
+    return status;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @param status status or {@code null} for none
+   */
+  public ServicePerimeter setStatus(ServicePerimeterConfig status) {
+    this.status = status;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public ServicePerimeter setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public ServicePerimeter setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeter set(String fieldName, Object value) {
+    return (ServicePerimeter) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeter clone() {
+    return (ServicePerimeter) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
new file mode 100644
index 00000000000..11d6fb42e5d
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeterConfig` specifies a set of GCP resources that describe specific Service
+ * Perimeter configuration.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeterConfig extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> accessLevels;
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> resources;
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> restrictedServices;
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ServicePerimeterConfig setAccessLevels(java.util.List<java.lang.String> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getResources() {
+    return resources;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @param resources resources or {@code null} for none
+   */
+  public ServicePerimeterConfig setResources(java.util.List<java.lang.String> resources) {
+    this.resources = resources;
+    return this;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRestrictedServices() {
+    return restrictedServices;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @param restrictedServices restrictedServices or {@code null} for none
+   */
+  public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
+    this.restrictedServices = restrictedServices;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeterConfig set(String fieldName, Object value) {
+    return (ServicePerimeterConfig) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeterConfig clone() {
+    return (ServicePerimeterConfig) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
new file mode 100644
index 00000000000..c8fddc1b6b2
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
@@ -0,0 +1,168 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The `Status` type defines a logical error model that is suitable for different programming
+ * environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc).
+ * The error model is designed to be:
+ *
+ * - Simple to use and understand for most users - Flexible enough to meet unexpected needs
+ *
+ * # Overview
+ *
+ * The `Status` message contains three pieces of data: error code, error message, and error details.
+ * The error code should be an enum value of google.rpc.Code, but it may accept additional error
+ * codes if needed.  The error message should be a developer-facing English message that helps
+ * developers *understand* and *resolve* the error. If a localized user-facing error message is
+ * needed, put the localized message in the error details or localize it in the client. The optional
+ * error details may contain arbitrary information about the error. There is a predefined set of
+ * error detail types in the package `google.rpc` that can be used for common error conditions.
+ *
+ * # Language mapping
+ *
+ * The `Status` message is the logical representation of the error model, but it is not necessarily
+ * the actual wire format. When the `Status` message is exposed in different client libraries and
+ * different wire protocols, it can be mapped differently. For example, it will likely be mapped to
+ * some exceptions in Java, but more likely mapped to some error codes in C.
+ *
+ * # Other uses
+ *
+ * The error model and the `Status` message can be used in a variety of environments, either with or
+ * without APIs, to provide a consistent developer experience across different environments.
+ *
+ * Example uses of this error model include:
+ *
+ * - Partial errors. If a service needs to return partial errors to the client,     it may embed the
+ * `Status` in the normal response to indicate the partial     errors.
+ *
+ * - Workflow errors. A typical workflow has multiple steps. Each step may     have a `Status`
+ * message for error reporting.
+ *
+ * - Batch operations. If a client uses batch request and batch response, the     `Status` message
+ * should be used directly inside batch response, one for     each error sub-response.
+ *
+ * - Asynchronous operations. If an API call embeds asynchronous operation     results in its
+ * response, the status of those operations should be     represented directly using the `Status`
+ * message.
+ *
+ * - Logging. If some API errors are stored in logs, the message `Status` could     be used directly
+ * after any stripping needed for security/privacy reasons.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Status extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Integer code;
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.util.Map<String, java.lang.Object>> details;
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String message;
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Integer getCode() {
+    return code;
+  }
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @param code code or {@code null} for none
+   */
+  public Status setCode(java.lang.Integer code) {
+    this.code = code;
+    return this;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.util.Map<String, java.lang.Object>> getDetails() {
+    return details;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @param details details or {@code null} for none
+   */
+  public Status setDetails(java.util.List<java.util.Map<String, java.lang.Object>> details) {
+    this.details = details;
+    return this;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMessage() {
+    return message;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @param message message or {@code null} for none
+   */
+  public Status setMessage(java.lang.String message) {
+    this.message = message;
+    return this;
+  }
+
+  @Override
+  public Status set(String fieldName, Object value) {
+    return (Status) super.set(fieldName, value);
+  }
+
+  @Override
+  public Status clone() {
+    return (Status) super.clone();
+  }
+
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/pom.xml b/clients/1.26.0/google-api-services-accesscontextmanager/v1/pom.xml
new file mode 100644
index 00000000000..e4dc860c346
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/pom.xml
@@ -0,0 +1,142 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.sonatype.oss</groupId>
+    <artifactId>oss-parent</artifactId>
+    <version>7</version>
+  </parent>
+
+  <groupId>com.google.apis</groupId>
+  <artifactId>google-api-services-accesscontextmanager</artifactId>
+  <version>v1-rev20190306-1.26.0</version>
+  <name>Access Context Manager API v1-rev20190306-1.26.0</name>
+  <packaging>jar</packaging>
+
+  <inceptionYear>2011</inceptionYear>
+
+  <organization>
+    <name>Google</name>
+    <url>http://www.google.com/</url>
+  </organization>
+
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+
+  <distributionManagement>
+    <snapshotRepository>
+      <id>ossrh</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+    </snapshotRepository>
+  </distributionManagement>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.5.1</version>
+        <configuration>
+          <source>1.6</source>
+          <target>1.6</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.sonatype.plugins</groupId>
+        <artifactId>nexus-staging-maven-plugin</artifactId>
+        <version>1.6.5</version>
+        <extensions>true</extensions>
+        <configuration>
+          <serverId>ossrh</serverId>
+          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+          <autoReleaseAfterClose>true</autoReleaseAfterClose>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>2.2.1</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-javadoc-plugin</artifactId>
+        <version>2.9.1</version>
+        <executions>
+          <execution>
+            <id>attach-javadocs</id>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <doctitle>Access Context Manager API ${project.version}</doctitle>
+          <windowtitle>Access Context Manager API ${project.version}</windowtitle>
+          <links>
+            <link>http://docs.oracle.com/javase/6/docs/api</link>
+            <link>https://google.github.io/google-http-java-client/releases/1.26.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-oauth-java-client/releases/1.26.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-api-java-client/releases/1.26.0/javadoc/index.html</link>
+          </links>
+        </configuration>
+      </plugin>
+    </plugins>
+    <sourceDirectory>.</sourceDirectory>
+    <resources>
+      <resource>
+        <directory>./resources</directory>
+      </resource>
+    </resources>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>1.26.0</version>
+    </dependency>
+  </dependencies>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <profiles>
+    <profile>
+      <id>release-sign-artifacts</id>
+      <activation>
+        <property>
+          <name>performRelease</name>
+          <value>true</value>
+        </property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>1.6</version>
+            <executions>
+              <execution>
+                <id>sign-artifacts</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+                <configuration>
+                  <gpgArguments>
+                    <arg>--pinentry-mode</arg>
+                    <arg>loopback</arg>
+                  </gpgArguments>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>
\ No newline at end of file
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json b/clients/1.26.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
new file mode 100644
index 00000000000..0c17e656588
--- /dev/null
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
@@ -0,0 +1,1131 @@
+{
+  "version_module": true,
+  "schemas": {
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        },
+        "combiningFunction": {
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ],
+          "enum": [
+            "AND",
+            "OR"
+          ]
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListServicePerimetersResponse"
+    },
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
+    },
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        },
+        "allowedEncryptionStatuses": {
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ]
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        }
+      },
+      "id": "DevicePolicy"
+    },
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "description": "A `BasicLevel` composed of `Conditions`.",
+          "$ref": "BasicLevel"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
+    },
+    "CancelOperationRequest": {
+      "description": "The request message for Operations.CancelOperation.",
+      "type": "object",
+      "properties": {},
+      "id": "CancelOperationRequest"
+    },
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
+    },
+    "Operation": {
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object",
+      "properties": {
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        },
+        "response": {
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        }
+      },
+      "id": "Operation"
+    },
+    "Status": {
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        }
+      },
+      "id": "Status"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n    service Foo {\n      rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n    }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
+      "type": "object",
+      "properties": {},
+      "id": "Empty"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        },
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object",
+      "properties": {
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
+          "type": "string"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries.",
+          "$ref": "ServicePerimeterConfig"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter"
+    },
+    "Condition": {
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object",
+      "properties": {
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "$ref": "DevicePolicy",
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
+        }
+      },
+      "id": "Condition"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessLevels": {
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ListOperationsResponse": {
+      "description": "The response message for Operations.ListOperations.",
+      "type": "object",
+      "properties": {
+        "operations": {
+          "description": "A list of operations that matches the specified filter in the request.",
+          "type": "array",
+          "items": {
+            "$ref": "Operation"
+          }
+        },
+        "nextPageToken": {
+          "description": "The standard List next-page token.",
+          "type": "string"
+        }
+      },
+      "id": "ListOperationsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. For\nexample, if `storage.googleapis.com` is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    }
+  },
+  "protocol": "rest",
+  "icons": {
+    "x32": "http://www.google.com/images/icons/product/search-32.gif",
+    "x16": "http://www.google.com/images/icons/product/search-16.gif"
+  },
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
+        }
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "list": {
+          "description": "Lists operations that match the specified filter in the request. If the\nserver doesn't support this method, it returns `UNIMPLEMENTED`.\n\nNOTE: the `name` binding allows API services to override the binding\nto use different resource name schemes, such as `users/*/operations`. To\noverride the binding, API services can add a binding such as\n`\"/v1/{name=users/*}/operations\"` to their service configuration.\nFor backwards compatibility, the default name includes the operations\ncollection id, however overriding users must ensure the name binding\nis the parent resource, without the operations collection id.",
+          "response": {
+            "$ref": "ListOperationsResponse"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "pageSize": {
+              "location": "query",
+              "description": "The standard list page size.",
+              "format": "int32",
+              "type": "integer"
+            },
+            "filter": {
+              "description": "The standard list filter.",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "The name of the operation's parent resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations$",
+              "location": "path"
+            },
+            "pageToken": {
+              "location": "query",
+              "description": "The standard list page token.",
+              "type": "string"
+            }
+          },
+          "flatPath": "v1/operations",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.list"
+        },
+        "get": {
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/operations/{operationsId}",
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1/{+name}"
+        },
+        "cancel": {
+          "flatPath": "v1/operations/{operationsId}:cancel",
+          "path": "v1/{+name}:cancel",
+          "id": "accesscontextmanager.operations.cancel",
+          "description": "Starts asynchronous cancellation on a long-running operation.  The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed.  If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`.  Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
+          "request": {
+            "$ref": "CancelOperationRequest"
+          },
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "POST",
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource to be cancelled.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "delete": {
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "The name of the operation resource to be deleted.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$"
+            }
+          },
+          "flatPath": "v1/operations/{operationsId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.delete",
+          "description": "Deletes a long-running operation. This method indicates that the client is\nno longer interested in the operation result. It does not cancel the\noperation. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`."
+        }
+      }
+    },
+    "accessPolicies": {
+      "methods": {
+        "list": {
+          "flatPath": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "path": "v1/accessPolicies",
+          "description": "List all AccessPolicies under a\ncontainer.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "parameters": {
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            },
+            "pageToken": {
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "get": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name.",
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "patch": {
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "httpMethod": "PATCH",
+          "parameterOrder": [
+            "name"
+          ],
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "updateMask": {
+              "location": "query",
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "path": "v1/{+name}"
+        },
+        "create": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies",
+          "path": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create",
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "delete": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        }
+      },
+      "resources": {
+        "servicePerimeters": {
+          "methods": {
+            "list": {
+              "description": "List all Service Perimeters for an\naccess policy.",
+              "response": {
+                "$ref": "ListServicePerimetersResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list"
+            },
+            "get": {
+              "response": {
+                "$ref": "ServicePerimeter"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
+              "description": "Get an Service Perimeter by resource\nname."
+            },
+            "patch": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered."
+            },
+            "create": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered."
+            },
+            "delete": {
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete"
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "list": {
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "path": "v1/{+parent}/accessLevels",
+              "description": "List all Access Levels for an access\npolicy.",
+              "httpMethod": "GET",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageToken": {
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
+            },
+            "patch": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
+            },
+            "create": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "path": "v1/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create"
+            },
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            }
+          }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true",
+      "location": "query"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "$.xgafv": {
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string"
+    },
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "type": "string",
+      "location": "query"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string",
+      "location": "query"
+    }
+  },
+  "version": "v1",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "servicePath": "",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "kind": "discovery#restDescription",
+  "basePath": "",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "id": "accesscontextmanager:v1",
+  "revision": "20190306",
+  "discoveryVersion": "v1"
+}
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
index 259e5c2b643..c54d66c23ce 100644
--- a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
@@ -53,32 +53,20 @@ public final class ServicePerimeterConfig extends com.google.api.client.json.Gen
   private java.util.List<java.lang.String> resources;
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.util.List<java.lang.String> restrictedServices;
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -133,16 +121,9 @@ public ServicePerimeterConfig setResources(java.util.List<java.lang.String> reso
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getRestrictedServices() {
@@ -150,16 +131,9 @@ public java.util.List<java.lang.String> getRestrictedServices() {
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @param restrictedServices restrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
@@ -168,16 +142,11 @@ public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.Str
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getUnrestrictedServices() {
@@ -185,16 +154,11 @@ public java.util.List<java.lang.String> getUnrestrictedServices() {
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @param unrestrictedServices unrestrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setUnrestrictedServices(java.util.List<java.lang.String> unrestrictedServices) {
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/pom.xml b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/pom.xml
index d9aaeeb8f73..80ce9abc66c 100644
--- a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/pom.xml
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/pom.xml
@@ -8,8 +8,8 @@
 
   <groupId>com.google.apis</groupId>
   <artifactId>google-api-services-accesscontextmanager</artifactId>
-  <version>v1beta-rev20190204-1.26.0</version>
-  <name>Access Context Manager API v1beta-rev20190204-1.26.0</name>
+  <version>v1beta-rev20190306-1.26.0</version>
+  <name>Access Context Manager API v1beta-rev20190306-1.26.0</name>
   <packaging>jar</packaging>
 
   <inceptionYear>2011</inceptionYear>
diff --git a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
index 3b26d87c832..e77baff584a 100644
--- a/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
+++ b/clients/1.26.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
@@ -1,616 +1,217 @@
 {
-  "id": "accesscontextmanager:v1beta",
-  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
-  "revision": "20190204",
-  "discoveryVersion": "v1",
-  "version_module": true,
-  "schemas": {
-    "Status": {
-      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
-      "type": "object",
-      "properties": {
-        "message": {
-          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
-          "type": "string"
-        },
-        "details": {
-          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
-          "type": "array",
-          "items": {
-            "additionalProperties": {
-              "description": "Properties of the object. Contains field @type with type URL.",
-              "type": "any"
-            },
-            "type": "object"
-          }
-        },
-        "code": {
-          "description": "The status code, which should be an enum value of google.rpc.Code.",
-          "format": "int32",
-          "type": "integer"
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
         }
-      },
-      "id": "Status"
-    },
-    "OsConstraint": {
-      "description": "A restriction on the OS type and version of devices making requests.",
-      "type": "object",
-      "properties": {
-        "minimumVersion": {
-          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
-          "type": "string"
-        },
-        "osType": {
-          "description": "Required. The allowed OS type.",
-          "type": "string",
-          "enumDescriptions": [
-            "The operating system of the device is not specified or not known.",
-            "A desktop Mac operating system.",
-            "A desktop Windows operating system.",
-            "A desktop Linux operating system.",
-            "A desktop ChromeOS operating system.",
-            "An Android operating system.",
-            "An iOS operating system."
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "get": {
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1beta/{+name}",
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "OS_UNSPECIFIED",
-            "DESKTOP_MAC",
-            "DESKTOP_WINDOWS",
-            "DESKTOP_LINUX",
-            "DESKTOP_CHROME_OS",
-            "ANDROID",
-            "IOS"
-          ]
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "name": {
+              "pattern": "^operations/.+$",
+              "location": "path",
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/operations/{operationsId}"
         }
-      },
-      "id": "OsConstraint"
+      }
     },
-    "ServicePerimeter": {
-      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "status": {
-          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries.",
-          "$ref": "ServicePerimeterConfig"
+    "accessPolicies": {
+      "methods": {
+        "delete": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage."
         },
-        "updateTime": {
-          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
+        "list": {
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "httpMethod": "GET",
+          "parameters": {
+            "pageToken": {
+              "location": "query",
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "description": "List all AccessPolicies under a\ncontainer."
         },
-        "name": {
-          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
-          "type": "string"
+        "get": {
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name."
         },
-        "perimeterType": {
-          "enumDescriptions": [
-            "Regular Perimeter.",
-            "Perimeter Bridge."
+        "patch": {
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "PERIMETER_TYPE_REGULAR",
-            "PERIMETER_TYPE_BRIDGE"
+          "httpMethod": "PATCH",
+          "parameters": {
+            "updateMask": {
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
           ],
-          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
-          "type": "string"
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}"
         },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "ServicePerimeter"
-    },
-    "ServicePerimeterConfig": {
-      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
-      "type": "object",
-      "properties": {
-        "resources": {
-          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "unrestrictedServices": {
-          "description": "GCP services that are not subject to the Service Perimeter restrictions.\nMay contain a list of services or a single wildcard \"*\". For example, if\n`logging.googleapis.com` is unrestricted, users can access logs inside the\nperimeter as if the perimeter doesn't exist, and it also means VMs inside\nthe perimeter can access logs outside the perimeter.\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted. One of\nthe fields \"restricted_services\", \"unrestricted_services\" must contain a\nwildcard \"*\", otherwise the Service Perimeter specification is invalid. It\nalso means that both field being empty is invalid as well.\n\"unrestricted_services\" can be empty if and only if \"restricted_services\"\nlist contains a \"*\" wildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "accessLevels": {
-          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "restrictedServices": {
-          "description": "GCP services that are subject to the Service Perimeter restrictions. May\ncontain a list of services or a single wildcard \"*\". For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.\n\nWildcard means that unless explicitly specified by \"unrestricted_services\"\nlist, any service is treated as restricted. One of the fields\n\"restricted_services\", \"unrestricted_services\" must contain a wildcard \"*\",\notherwise the Service Perimeter specification is invalid. It also means\nthat both field being empty is invalid as well. \"restricted_services\" can\nbe empty if and only if \"unrestricted_services\" list contains a \"*\"\nwildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      },
-      "id": "ServicePerimeterConfig"
-    },
-    "ListAccessLevelsResponse": {
-      "description": "A response to `ListAccessLevelsRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessLevels": {
-          "description": "List of the Access Level instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessLevel"
-          }
-        }
-      },
-      "id": "ListAccessLevelsResponse"
-    },
-    "Condition": {
-      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
-      "type": "object",
-      "properties": {
-        "devicePolicy": {
-          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
-          "$ref": "DevicePolicy"
-        },
-        "members": {
-          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "ipSubnetworks": {
-          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "requiredAccessLevels": {
-          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "negate": {
-          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
-          "type": "boolean"
-        }
-      },
-      "id": "Condition"
-    },
-    "BasicLevel": {
-      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
-      "type": "object",
-      "properties": {
-        "combiningFunction": {
-          "enumDescriptions": [
-            "All `Conditions` must be true for the `BasicLevel` to be true.",
-            "If at least one `Condition` is true, then the `BasicLevel` is true."
-          ],
-          "enum": [
-            "AND",
-            "OR"
-          ],
-          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
-          "type": "string"
-        },
-        "conditions": {
-          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
-          "type": "array",
-          "items": {
-            "$ref": "Condition"
-          }
-        }
-      },
-      "id": "BasicLevel"
-    },
-    "ListAccessPoliciesResponse": {
-      "description": "A response to `ListAccessPoliciesRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessPolicies": {
-          "description": "List of the AccessPolicy instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessPolicy"
-          }
-        }
-      },
-      "id": "ListAccessPoliciesResponse"
-    },
-    "ListServicePerimetersResponse": {
-      "description": "A response to `ListServicePerimetersRequest`.",
-      "type": "object",
-      "properties": {
-        "servicePerimeters": {
-          "description": "List of the Service Perimeter instances.",
-          "type": "array",
-          "items": {
-            "$ref": "ServicePerimeter"
-          }
-        },
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        }
-      },
-      "id": "ListServicePerimetersResponse"
-    },
-    "DevicePolicy": {
-      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
-      "type": "object",
-      "properties": {
-        "allowedEncryptionStatuses": {
-          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "ENCRYPTION_UNSPECIFIED",
-              "ENCRYPTION_UNSUPPORTED",
-              "UNENCRYPTED",
-              "ENCRYPTED"
-            ],
-            "type": "string"
-          },
-          "enumDescriptions": [
-            "The encryption status of the device is not specified or not known.",
-            "The device does not support encryption.",
-            "The device supports encryption, but is currently unencrypted.",
-            "The device is encrypted."
-          ]
-        },
-        "requireScreenlock": {
-          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
-          "type": "boolean"
-        },
-        "allowedDeviceManagementLevels": {
-          "enumDescriptions": [
-            "The device's management level is not specified or not known.",
-            "The device is not managed.",
-            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
-            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
-          ],
-          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "MANAGEMENT_UNSPECIFIED",
-              "NONE",
-              "BASIC",
-              "COMPLETE"
-            ],
-            "type": "string"
-          }
-        },
-        "osConstraints": {
-          "description": "Allowed OS versions, an empty list allows all types and all versions.",
-          "type": "array",
-          "items": {
-            "$ref": "OsConstraint"
-          }
-        }
-      },
-      "id": "DevicePolicy"
-    },
-    "AccessLevel": {
-      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessLevel` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "basic": {
-          "description": "A `BasicLevel` composed of `Conditions`.",
-          "$ref": "BasicLevel"
-        },
-        "name": {
-          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-          "type": "string"
-        },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "AccessLevel"
-    },
-    "AccessPolicy": {
-      "properties": {
-        "parent": {
-          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "title": {
-          "description": "Required. Human readable title. Does not affect behavior.",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "name": {
-          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-          "type": "string"
-        }
-      },
-      "id": "AccessPolicy",
-      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
-      "type": "object"
-    },
-    "Operation": {
-      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
-      "type": "object",
-      "properties": {
-        "done": {
-          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
-          "type": "boolean"
-        },
-        "response": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
-          "type": "object"
-        },
-        "name": {
-          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
-          "type": "string"
-        },
-        "error": {
-          "$ref": "Status",
-          "description": "The error result of the operation in case of failure or cancellation."
-        },
-        "metadata": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
-          "type": "object"
-        }
-      },
-      "id": "Operation"
-    }
-  },
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "protocol": "rest",
-  "canonicalName": "Access Context Manager",
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/cloud-platform": {
-          "description": "View and manage your data across Google Cloud Platform services"
-        }
-      }
-    }
-  },
-  "rootUrl": "https://accesscontextmanager.googleapis.com/",
-  "ownerDomain": "google.com",
-  "name": "accesscontextmanager",
-  "batchPath": "batch",
-  "fullyEncodeReservedExpansion": true,
-  "title": "Access Context Manager API",
-  "ownerName": "Google",
-  "resources": {
-    "operations": {
-      "methods": {
-        "get": {
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "name": {
-              "pattern": "^operations/.+$",
-              "location": "path",
-              "description": "The name of the operation resource.",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "flatPath": "v1beta/operations/{operationsId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.operations.get",
-          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice."
-        }
-      }
-    },
-    "accessPolicies": {
-      "methods": {
-        "delete": {
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "id": "accesscontextmanager.accessPolicies.delete",
-          "path": "v1beta/{+name}",
-          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
-          "httpMethod": "DELETE",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "parameters": {
-            "name": {
-              "location": "path",
-              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ]
-        },
-        "list": {
-          "description": "List all AccessPolicies under a\ncontainer.",
-          "response": {
-            "$ref": "ListAccessPoliciesResponse"
-          },
-          "parameterOrder": [],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "pageSize": {
-              "location": "query",
-              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
-              "format": "int32",
-              "type": "integer"
-            },
-            "parent": {
-              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
-              "type": "string",
-              "location": "query"
-            },
-            "pageToken": {
-              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
-              "type": "string",
-              "location": "query"
-            }
-          },
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.list"
-        },
-        "get": {
-          "description": "Get an AccessPolicy by name.",
-          "response": {
-            "$ref": "AccessPolicy"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "parameters": {
-            "name": {
-              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.get"
-        },
-        "patch": {
-          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "PATCH",
-          "parameters": {
-            "name": {
-              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            },
-            "updateMask": {
-              "location": "query",
-              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
-              "format": "google-fieldmask",
-              "type": "string"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.patch"
-        },
-        "create": {
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [],
-          "httpMethod": "POST",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {},
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.create"
+        "create": {
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create"
         }
       },
       "resources": {
         "servicePerimeters": {
           "methods": {
+            "delete": {
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}"
+            },
             "list": {
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
-              "description": "List all Service Perimeters for an\naccess policy.",
               "response": {
                 "$ref": "ListServicePerimetersResponse"
               },
@@ -618,16 +219,7 @@
                 "parent"
               ],
               "httpMethod": "GET",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "parameters": {
-                "pageSize": {
-                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
                 "parent": {
                   "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
@@ -636,14 +228,27 @@
                   "location": "path"
                 },
                 "pageToken": {
-                  "location": "query",
                   "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
-                  "type": "string"
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters"
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
+              "description": "List all Service Perimeters for an\naccess policy."
             },
             "get": {
+              "description": "Get an Service Perimeter by resource\nname.",
               "response": {
                 "$ref": "ServicePerimeter"
               },
@@ -651,35 +256,34 @@
                 "name"
               ],
               "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
               "parameters": {
                 "name": {
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
-                  "location": "path",
                   "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
                   "required": true,
-                  "type": "string"
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
                 }
               },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
               "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
-              "description": "Get an Service Perimeter by resource\nname."
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get"
             },
             "patch": {
               "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
               "request": {
                 "$ref": "ServicePerimeter"
               },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
               "response": {
                 "$ref": "Operation"
               },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
               "parameters": {
                 "updateMask": {
                   "description": "Required. Mask to control which fields get updated. Must be non-empty.",
@@ -688,331 +292,723 @@
                   "location": "query"
                 },
                 "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
                   "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch"
+            },
+            "create": {
+              "httpMethod": "POST",
+              "parameterOrder": [
+                "parent"
+              ],
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameters": {
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+              "request": {
+                "$ref": "ServicePerimeter"
+              }
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path",
-                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            },
+            "list": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "description": "List all Access Levels for an access\npolicy.",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "parent": {
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string"
+                },
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
+                  "location": "path"
+                },
+                "accessLevelFormat": {
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
-              "path": "v1beta/{+name}"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
             },
-            "create": {
-              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+            "patch": {
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "request": {
-                "$ref": "ServicePerimeter"
+                "$ref": "AccessLevel"
               },
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "parent"
+                "name"
               ],
-              "httpMethod": "POST",
+              "httpMethod": "PATCH",
               "parameters": {
-                "parent": {
-                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                "name": {
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path"
+                },
+                "updateMask": {
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
             },
-            "delete": {
+            "create": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "name"
+                "parent"
               ],
-              "httpMethod": "DELETE",
+              "httpMethod": "POST",
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
               "parameters": {
-                "name": {
-                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+$",
                   "location": "path"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
-              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage."
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
             }
           }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "key": {
+      "location": "query",
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string"
+    },
+    "access_token": {
+      "location": "query",
+      "description": "OAuth access token.",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "location": "query",
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "location": "query",
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "location": "query",
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string"
+    },
+    "$.xgafv": {
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string",
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    }
+  },
+  "version": "v1beta",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "kind": "discovery#restDescription",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "servicePath": "",
+  "basePath": "",
+  "id": "accesscontextmanager:v1beta",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "revision": "20190306",
+  "discoveryVersion": "v1",
+  "version_module": true,
+  "schemas": {
+    "Status": {
+      "properties": {
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        },
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "id": "Status",
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        },
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "properties": {
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "ServicePerimeterConfig",
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries."
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        },
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter",
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object"
+    },
+    "Condition": {
+      "properties": {
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
+          "$ref": "DevicePolicy"
+        },
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "Condition",
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         },
         "accessLevels": {
-          "methods": {
-            "delete": {
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "DELETE",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "parameters": {
-                "name": {
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string"
-                }
-              },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.delete",
-              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage."
-            },
-            "list": {
-              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "List all Access Levels for an access\npolicy.",
-              "httpMethod": "GET",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "ListAccessLevelsResponse"
-              },
-              "parameters": {
-                "pageSize": {
-                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
-                  "type": "string"
-                },
-                "parent": {
-                  "pattern": "^accessPolicies/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string"
-                },
-                "pageToken": {
-                  "location": "query",
-                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
-            },
-            "get": {
-              "description": "Get an Access Level by resource\nname.",
-              "response": {
-                "$ref": "AccessLevel"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "GET",
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
-            },
-            "patch": {
-              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "updateMask": {
-                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
-                  "format": "google-fieldmask",
-                  "type": "string",
-                  "location": "query"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.patch",
-              "path": "v1beta/{+name}"
-            },
-            "create": {
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "POST",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "parent": {
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ]
-            }
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "unrestrictedServices": {
+          "description": "GCP services that are not subject to the Service Perimeter\nrestrictions. Deprecated. Must be set to a single wildcard \"*\".\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. Must\ncontain a list of services. For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    },
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "combiningFunction": {
+          "enum": [
+            "AND",
+            "OR"
+          ],
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ]
+        },
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
           }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         }
-      }
-    }
-  },
-  "parameters": {
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "type": "string",
-      "location": "query"
-    },
-    "fields": {
-      "location": "query",
-      "description": "Selector specifying which fields to include in a partial response.",
-      "type": "string"
-    },
-    "callback": {
-      "location": "query",
-      "description": "JSONP",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "type": "string",
-      "location": "query"
-    },
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "type": "string",
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "enum": [
-        "1",
-        "2"
-      ]
-    },
-    "alt": {
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "type": "string",
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "description": "Data format for response.",
-      "default": "json"
+      },
+      "id": "ListServicePerimetersResponse"
     },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "type": "string",
-      "location": "query"
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
     },
-    "access_token": {
-      "description": "OAuth access token.",
-      "type": "string",
-      "location": "query"
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedEncryptionStatuses": {
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ],
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          }
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        },
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        }
+      },
+      "id": "DevicePolicy"
     },
-    "upload_protocol": {
-      "location": "query",
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "type": "string"
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "$ref": "BasicLevel",
+          "description": "A `BasicLevel` composed of `Conditions`."
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
     },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "type": "string",
-      "location": "query"
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        },
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
     },
-    "prettyPrint": {
-      "location": "query",
-      "description": "Returns response with indentations and line breaks.",
-      "type": "boolean",
-      "default": "true"
+    "Operation": {
+      "properties": {
+        "response": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object"
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        },
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object"
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        }
+      },
+      "id": "Operation",
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object"
     }
   },
-  "version": "v1beta",
-  "baseUrl": "https://accesscontextmanager.googleapis.com/",
-  "servicePath": "",
-  "kind": "discovery#restDescription",
-  "description": "An API for setting attribute based access control to requests to GCP services.",
-  "basePath": ""
+  "protocol": "rest",
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  }
 }
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
new file mode 100644
index 00000000000..93adf1c2ba2
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
@@ -0,0 +1,3351 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Service definition for AccessContextManager (v1).
+ *
+ * <p>
+ * An API for setting attribute based access control to requests to GCP services.
+ * </p>
+ *
+ * <p>
+ * For more information about this service, see the
+ * <a href="https://cloud.google.com/access-context-manager/docs/reference/rest/" target="_blank">API Documentation</a>
+ * </p>
+ *
+ * <p>
+ * This service uses {@link AccessContextManagerRequestInitializer} to initialize global parameters via its
+ * {@link Builder}.
+ * </p>
+ *
+ * @since 1.3
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public class AccessContextManager extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient {
+
+  // Note: Leave this static initializer at the top of the file.
+  static {
+    com.google.api.client.util.Preconditions.checkState(
+        com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION == 1 &&
+        com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION >= 15,
+        "You are currently running with version %s of google-api-client. " +
+        "You need at least version 1.15 of google-api-client to run version " +
+        "1.27.0 of the Access Context Manager API library.", com.google.api.client.googleapis.GoogleUtils.VERSION);
+  }
+
+  /**
+   * The default encoded root URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_ROOT_URL = "https://accesscontextmanager.googleapis.com/";
+
+  /**
+   * The default encoded service path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_SERVICE_PATH = "";
+
+  /**
+   * The default encoded batch path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.23
+   */
+  public static final String DEFAULT_BATCH_PATH = "batch";
+
+  /**
+   * The default encoded base URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   */
+  public static final String DEFAULT_BASE_URL = DEFAULT_ROOT_URL + DEFAULT_SERVICE_PATH;
+
+  /**
+   * Constructor.
+   *
+   * <p>
+   * Use {@link Builder} if you need to specify any of the optional parameters.
+   * </p>
+   *
+   * @param transport HTTP transport, which should normally be:
+   *        <ul>
+   *        <li>Google App Engine:
+   *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+   *        <li>Android: {@code newCompatibleTransport} from
+   *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+   *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+   *        </li>
+   *        </ul>
+   * @param jsonFactory JSON factory, which may be:
+   *        <ul>
+   *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+   *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+   *        <li>Android Honeycomb or higher:
+   *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+   *        </ul>
+   * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+   * @since 1.7
+   */
+  public AccessContextManager(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+      com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+    this(new Builder(transport, jsonFactory, httpRequestInitializer));
+  }
+
+  /**
+   * @param builder builder
+   */
+  AccessContextManager(Builder builder) {
+    super(builder);
+  }
+
+  @Override
+  protected void initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest<?> httpClientRequest) throws java.io.IOException {
+    super.initialize(httpClientRequest);
+  }
+
+  /**
+   * An accessor for creating requests from the AccessPolicies collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.AccessPolicies.List request = accesscontextmanager.accessPolicies().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public AccessPolicies accessPolicies() {
+    return new AccessPolicies();
+  }
+
+  /**
+   * The "accessPolicies" collection of methods.
+   */
+  public class AccessPolicies {
+
+    /**
+     * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+     * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+     * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+     * BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.create".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+     *
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Create create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Create result = new Create(content);
+      initialize(result);
+      return result;
+    }
+
+    public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+       * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+       * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+       * BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.create".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+      }
+
+      @Override
+      public Create set$Xgafv(java.lang.String $Xgafv) {
+        return (Create) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Create setAccessToken(java.lang.String accessToken) {
+        return (Create) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Create setAlt(java.lang.String alt) {
+        return (Create) super.setAlt(alt);
+      }
+
+      @Override
+      public Create setCallback(java.lang.String callback) {
+        return (Create) super.setCallback(callback);
+      }
+
+      @Override
+      public Create setFields(java.lang.String fields) {
+        return (Create) super.setFields(fields);
+      }
+
+      @Override
+      public Create setKey(java.lang.String key) {
+        return (Create) super.setKey(key);
+      }
+
+      @Override
+      public Create setOauthToken(java.lang.String oauthToken) {
+        return (Create) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Create) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Create setQuotaUser(java.lang.String quotaUser) {
+        return (Create) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Create setUploadType(java.lang.String uploadType) {
+        return (Create) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Create setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Create) super.setUploadProtocol(uploadProtocol);
+      }
+
+      @Override
+      public Create set(String parameterName, Object value) {
+        return (Create) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful status
+     * once the AccessPolicy has been removed from long-lasting storage.
+     *
+     * Create a request for the method "accessPolicies.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful
+       * status once the AccessPolicy has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessPolicies.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to delete.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Get an AccessPolicy by name.
+     *
+     * Create a request for the method "accessPolicies.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessPolicy> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Get an AccessPolicy by name.
+       *
+       * Create a request for the method "accessPolicies.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to get.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * List all AccessPolicies under a container.
+     *
+     * Create a request for the method "accessPolicies.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @return the request
+     */
+    public List list() throws java.io.IOException {
+      List result = new List();
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * List all AccessPolicies under a container.
+       *
+       * Create a request for the method "accessPolicies.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @since 1.13
+       */
+      protected List() {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse.class);
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** Number of AccessPolicy instances to include in the list. Default 100.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+     results.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String parent;
+
+      /** Required. Resource name for the container to list AccessPolicy instances from.
+
+     Format: `organizations/{org_id}`
+       */
+      public java.lang.String getParent() {
+        return parent;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      public List setParent(java.lang.String parent) {
+        this.parent = parent;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+     * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and basic
+     * semantic errors will be returned in `metadata` as a BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.patch".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+     *
+     * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Patch result = new Patch(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+       * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and
+       * basic semantic errors will be returned in `metadata` as a BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.patch".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Patch set$Xgafv(java.lang.String $Xgafv) {
+        return (Patch) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Patch setAccessToken(java.lang.String accessToken) {
+        return (Patch) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Patch setAlt(java.lang.String alt) {
+        return (Patch) super.setAlt(alt);
+      }
+
+      @Override
+      public Patch setCallback(java.lang.String callback) {
+        return (Patch) super.setCallback(callback);
+      }
+
+      @Override
+      public Patch setFields(java.lang.String fields) {
+        return (Patch) super.setFields(fields);
+      }
+
+      @Override
+      public Patch setKey(java.lang.String key) {
+        return (Patch) super.setKey(key);
+      }
+
+      @Override
+      public Patch setOauthToken(java.lang.String oauthToken) {
+        return (Patch) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Patch) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Patch setQuotaUser(java.lang.String quotaUser) {
+        return (Patch) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Patch setUploadType(java.lang.String uploadType) {
+        return (Patch) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Patch) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public Patch setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      @com.google.api.client.util.Key
+      private String updateMask;
+
+      /** Required. Mask to control which fields get updated. Must be non-empty.
+       */
+      public String getUpdateMask() {
+        return updateMask;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      public Patch setUpdateMask(String updateMask) {
+        this.updateMask = updateMask;
+        return this;
+      }
+
+      @Override
+      public Patch set(String parameterName, Object value) {
+        return (Patch) super.set(parameterName, value);
+      }
+    }
+
+    /**
+     * An accessor for creating requests from the AccessLevels collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.AccessLevels.List request = accesscontextmanager.accessLevels().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public AccessLevels accessLevels() {
+      return new AccessLevels();
+    }
+
+    /**
+     * The "accessLevels" collection of methods.
+     */
+    public class AccessLevels {
+
+      /**
+       * Create an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+       * will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+         * will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Access Level.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Access Level has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessLevels.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+         * successful status once the Access Level has been removed from long-lasting storage.
+         *
+         * Create a request for the method "accessLevels.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Access Level by resource name.
+       *
+       * Create a request for the method "accessLevels.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessLevel> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Get an Access Level by resource name.
+         *
+         * Create a request for the method "accessLevels.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessLevel.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+       `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels` or
+       `CustomLevels` based on how they were created. If set to CEL, all Access Levels are returned as
+       `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent `CustomLevels`.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        public Get setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Access Levels for an access policy.
+       *
+       * Create a request for the method "accessLevels.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Access Levels for an access policy.
+         *
+         * Create a request for the method "accessLevels.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Access Levels from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression language, as `CustomLevels`, rather
+       than as `BasicLevels`. Defaults to returning `AccessLevels` in the format they were defined.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        public List setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Access Levels to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Access Level instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Update an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level. The `short_name` component must begin with a letter
+       and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+    /**
+     * An accessor for creating requests from the ServicePerimeters collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.ServicePerimeters.List request = accesscontextmanager.servicePerimeters().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public ServicePerimeters servicePerimeters() {
+      return new ServicePerimeters();
+    }
+
+    /**
+     * The "servicePerimeters" collection of methods.
+     */
+    public class ServicePerimeters {
+
+      /**
+       * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "servicePerimeters.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Service Perimeter has been removed from long-lasting storage.
+       *
+       * Create a request for the method "servicePerimeters.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have
+         * a successful status once the Service Perimeter has been removed from long-lasting storage.
+         *
+         * Create a request for the method "servicePerimeters.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Service Perimeter by resource name.
+       *
+       * Create a request for the method "servicePerimeters.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Get an Service Perimeter by resource name.
+         *
+         * Create a request for the method "servicePerimeters.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Service Perimeters for an access policy.
+       *
+       * Create a request for the method "servicePerimeters.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Service Perimeters for an access policy.
+         *
+         * Create a request for the method "servicePerimeters.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Service Perimeters from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Service Perimeters to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Service Perimeter instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the changes to the Service Perimeter have propagated to long-lasting storage. Service
+       * Perimeter containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the changes to the Service Perimeter have propagated to long-lasting storage.
+         * Service Perimeter containing errors will result in an error response for the first error
+         * encountered.
+         *
+         * Create a request for the method "servicePerimeters.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+       letter and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required. Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+  }
+
+  /**
+   * An accessor for creating requests from the Operations collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.Operations.List request = accesscontextmanager.operations().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public Operations operations() {
+    return new Operations();
+  }
+
+  /**
+   * The "operations" collection of methods.
+   */
+  public class Operations {
+
+    /**
+     * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort to
+     * cancel the operation, but success is not guaranteed.  If the server doesn't support this method,
+     * it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or other
+     * methods to check whether the cancellation succeeded or whether the operation completed despite
+     * cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an
+     * operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to
+     * `Code.CANCELLED`.
+     *
+     * Create a request for the method "operations.cancel".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Cancel#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be cancelled.
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+     * @return the request
+     */
+    public Cancel cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) throws java.io.IOException {
+      Cancel result = new Cancel(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Cancel extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}:cancel";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort
+       * to cancel the operation, but success is not guaranteed.  If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or
+       * other methods to check whether the cancellation succeeded or whether the operation completed
+       * despite cancellation. On successful cancellation, the operation is not deleted; instead, it
+       * becomes an operation with an Operation.error value with a google.rpc.Status.code of 1,
+       * corresponding to `Code.CANCELLED`.
+       *
+       * Create a request for the method "operations.cancel".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Cancel#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Cancel#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be cancelled.
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+       * @since 1.13
+       */
+      protected Cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Cancel set$Xgafv(java.lang.String $Xgafv) {
+        return (Cancel) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Cancel setAccessToken(java.lang.String accessToken) {
+        return (Cancel) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Cancel setAlt(java.lang.String alt) {
+        return (Cancel) super.setAlt(alt);
+      }
+
+      @Override
+      public Cancel setCallback(java.lang.String callback) {
+        return (Cancel) super.setCallback(callback);
+      }
+
+      @Override
+      public Cancel setFields(java.lang.String fields) {
+        return (Cancel) super.setFields(fields);
+      }
+
+      @Override
+      public Cancel setKey(java.lang.String key) {
+        return (Cancel) super.setKey(key);
+      }
+
+      @Override
+      public Cancel setOauthToken(java.lang.String oauthToken) {
+        return (Cancel) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Cancel setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Cancel) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Cancel setQuotaUser(java.lang.String quotaUser) {
+        return (Cancel) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Cancel setUploadType(java.lang.String uploadType) {
+        return (Cancel) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Cancel setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Cancel) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be cancelled.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      public Cancel setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Cancel set(String parameterName, Object value) {
+        return (Cancel) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Deletes a long-running operation. This method indicates that the client is no longer interested
+     * in the operation result. It does not cancel the operation. If the server doesn't support this
+     * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+     *
+     * Create a request for the method "operations.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be deleted.
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Deletes a long-running operation. This method indicates that the client is no longer interested
+       * in the operation result. It does not cancel the operation. If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+       *
+       * Create a request for the method "operations.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be deleted.
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be deleted. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be deleted.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be deleted. */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+     * operation result at intervals as recommended by the API service.
+     *
+     * Create a request for the method "operations.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource.
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+       * operation result at intervals as recommended by the API service.
+       *
+       * Create a request for the method "operations.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource.
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource. */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Lists operations that match the specified filter in the request. If the server doesn't support
+     * this method, it returns `UNIMPLEMENTED`.
+     *
+     * NOTE: the `name` binding allows API services to override the binding to use different resource
+     * name schemes, such as `users/operations`. To override the binding, API services can add a binding
+     * such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+     * compatibility, the default name includes the operations collection id, however overriding users
+     * must ensure the name binding is the parent resource, without the operations collection id.
+     *
+     * Create a request for the method "operations.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation's parent resource.
+     * @return the request
+     */
+    public List list(java.lang.String name) throws java.io.IOException {
+      List result = new List(name);
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations$");
+
+      /**
+       * Lists operations that match the specified filter in the request. If the server doesn't support
+       * this method, it returns `UNIMPLEMENTED`.
+       *
+       * NOTE: the `name` binding allows API services to override the binding to use different resource
+       * name schemes, such as `users/operations`. To override the binding, API services can add a
+       * binding such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+       * compatibility, the default name includes the operations collection id, however overriding users
+       * must ensure the name binding is the parent resource, without the operations collection id.
+       *
+       * Create a request for the method "operations.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation's parent resource.
+       * @since 1.13
+       */
+      protected List(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation's parent resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation's parent resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation's parent resource. */
+      public List setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** The standard list filter. */
+      @com.google.api.client.util.Key
+      private java.lang.String filter;
+
+      /** The standard list filter.
+       */
+      public java.lang.String getFilter() {
+        return filter;
+      }
+
+      /** The standard list filter. */
+      public List setFilter(java.lang.String filter) {
+        this.filter = filter;
+        return this;
+      }
+
+      /** The standard list page size. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** The standard list page size.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** The standard list page size. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /** The standard list page token. */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** The standard list page token.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /** The standard list page token. */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+
+  }
+
+  /**
+   * Builder for {@link AccessContextManager}.
+   *
+   * <p>
+   * Implementation is not thread-safe.
+   * </p>
+   *
+   * @since 1.3.0
+   */
+  public static final class Builder extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient.Builder {
+
+    /**
+     * Returns an instance of a new builder.
+     *
+     * @param transport HTTP transport, which should normally be:
+     *        <ul>
+     *        <li>Google App Engine:
+     *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+     *        <li>Android: {@code newCompatibleTransport} from
+     *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+     *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+     *        </li>
+     *        </ul>
+     * @param jsonFactory JSON factory, which may be:
+     *        <ul>
+     *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+     *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+     *        <li>Android Honeycomb or higher:
+     *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+     *        </ul>
+     * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+     * @since 1.7
+     */
+    public Builder(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+        com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      super(
+          transport,
+          jsonFactory,
+          DEFAULT_ROOT_URL,
+          DEFAULT_SERVICE_PATH,
+          httpRequestInitializer,
+          false);
+      setBatchPath(DEFAULT_BATCH_PATH);
+    }
+
+    /** Builds a new instance of {@link AccessContextManager}. */
+    @Override
+    public AccessContextManager build() {
+      return new AccessContextManager(this);
+    }
+
+    @Override
+    public Builder setRootUrl(String rootUrl) {
+      return (Builder) super.setRootUrl(rootUrl);
+    }
+
+    @Override
+    public Builder setServicePath(String servicePath) {
+      return (Builder) super.setServicePath(servicePath);
+    }
+
+    @Override
+    public Builder setBatchPath(String batchPath) {
+      return (Builder) super.setBatchPath(batchPath);
+    }
+
+    @Override
+    public Builder setHttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      return (Builder) super.setHttpRequestInitializer(httpRequestInitializer);
+    }
+
+    @Override
+    public Builder setApplicationName(String applicationName) {
+      return (Builder) super.setApplicationName(applicationName);
+    }
+
+    @Override
+    public Builder setSuppressPatternChecks(boolean suppressPatternChecks) {
+      return (Builder) super.setSuppressPatternChecks(suppressPatternChecks);
+    }
+
+    @Override
+    public Builder setSuppressRequiredParameterChecks(boolean suppressRequiredParameterChecks) {
+      return (Builder) super.setSuppressRequiredParameterChecks(suppressRequiredParameterChecks);
+    }
+
+    @Override
+    public Builder setSuppressAllChecks(boolean suppressAllChecks) {
+      return (Builder) super.setSuppressAllChecks(suppressAllChecks);
+    }
+
+    /**
+     * Set the {@link AccessContextManagerRequestInitializer}.
+     *
+     * @since 1.12
+     */
+    public Builder setAccessContextManagerRequestInitializer(
+        AccessContextManagerRequestInitializer accesscontextmanagerRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(accesscontextmanagerRequestInitializer);
+    }
+
+    @Override
+    public Builder setGoogleClientRequestInitializer(
+        com.google.api.client.googleapis.services.GoogleClientRequestInitializer googleClientRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(googleClientRequestInitializer);
+    }
+  }
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
new file mode 100644
index 00000000000..bd9642ba468
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request.
+ *
+ * @since 1.3
+ */
+@SuppressWarnings("javadoc")
+public abstract class AccessContextManagerRequest<T> extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<T> {
+
+  /**
+   * @param client Google client
+   * @param method HTTP Method
+   * @param uriTemplate URI template for the path relative to the base URL. If it starts with a "/"
+   *        the base path from the base URL will be stripped out. The URI template can also be a
+   *        full URL. URI template expansion is done using
+   *        {@link com.google.api.client.http.UriTemplate#expand(String, String, Object, boolean)}
+   * @param content A POJO that can be serialized into JSON or {@code null} for none
+   * @param responseClass response class to parse into
+   */
+  public AccessContextManagerRequest(
+      AccessContextManager client, String method, String uriTemplate, Object content, Class<T> responseClass) {
+    super(
+        client,
+        method,
+        uriTemplate,
+        content,
+        responseClass);
+  }
+
+  /** V1 error format. */
+  @com.google.api.client.util.Key("$.xgafv")
+  private java.lang.String $Xgafv;
+
+  /**
+   * V1 error format.
+   */
+  public java.lang.String get$Xgafv() {
+    return $Xgafv;
+  }
+
+  /** V1 error format. */
+  public AccessContextManagerRequest<T> set$Xgafv(java.lang.String $Xgafv) {
+    this.$Xgafv = $Xgafv;
+    return this;
+  }
+
+  /** OAuth access token. */
+  @com.google.api.client.util.Key("access_token")
+  private java.lang.String accessToken;
+
+  /**
+   * OAuth access token.
+   */
+  public java.lang.String getAccessToken() {
+    return accessToken;
+  }
+
+  /** OAuth access token. */
+  public AccessContextManagerRequest<T> setAccessToken(java.lang.String accessToken) {
+    this.accessToken = accessToken;
+    return this;
+  }
+
+  /** Data format for response. */
+  @com.google.api.client.util.Key
+  private java.lang.String alt;
+
+  /**
+   * Data format for response. [default: json]
+   */
+  public java.lang.String getAlt() {
+    return alt;
+  }
+
+  /** Data format for response. */
+  public AccessContextManagerRequest<T> setAlt(java.lang.String alt) {
+    this.alt = alt;
+    return this;
+  }
+
+  /** JSONP */
+  @com.google.api.client.util.Key
+  private java.lang.String callback;
+
+  /**
+   * JSONP
+   */
+  public java.lang.String getCallback() {
+    return callback;
+  }
+
+  /** JSONP */
+  public AccessContextManagerRequest<T> setCallback(java.lang.String callback) {
+    this.callback = callback;
+    return this;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  @com.google.api.client.util.Key
+  private java.lang.String fields;
+
+  /**
+   * Selector specifying which fields to include in a partial response.
+   */
+  public java.lang.String getFields() {
+    return fields;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  public AccessContextManagerRequest<T> setFields(java.lang.String fields) {
+    this.fields = fields;
+    return this;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String key;
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public java.lang.String getKey() {
+    return key;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public AccessContextManagerRequest<T> setKey(java.lang.String key) {
+    this.key = key;
+    return this;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  @com.google.api.client.util.Key("oauth_token")
+  private java.lang.String oauthToken;
+
+  /**
+   * OAuth 2.0 token for the current user.
+   */
+  public java.lang.String getOauthToken() {
+    return oauthToken;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  public AccessContextManagerRequest<T> setOauthToken(java.lang.String oauthToken) {
+    this.oauthToken = oauthToken;
+    return this;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean prettyPrint;
+
+  /**
+   * Returns response with indentations and line breaks. [default: true]
+   */
+  public java.lang.Boolean getPrettyPrint() {
+    return prettyPrint;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  public AccessContextManagerRequest<T> setPrettyPrint(java.lang.Boolean prettyPrint) {
+    this.prettyPrint = prettyPrint;
+    return this;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String quotaUser;
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public java.lang.String getQuotaUser() {
+    return quotaUser;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public AccessContextManagerRequest<T> setQuotaUser(java.lang.String quotaUser) {
+    this.quotaUser = quotaUser;
+    return this;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  @com.google.api.client.util.Key
+  private java.lang.String uploadType;
+
+  /**
+   * Legacy upload protocol for media (e.g. "media", "multipart").
+   */
+  public java.lang.String getUploadType() {
+    return uploadType;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadType(java.lang.String uploadType) {
+    this.uploadType = uploadType;
+    return this;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  @com.google.api.client.util.Key("upload_protocol")
+  private java.lang.String uploadProtocol;
+
+  /**
+   * Upload protocol for media (e.g. "raw", "multipart").
+   */
+  public java.lang.String getUploadProtocol() {
+    return uploadProtocol;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadProtocol(java.lang.String uploadProtocol) {
+    this.uploadProtocol = uploadProtocol;
+    return this;
+  }
+
+  @Override
+  public final AccessContextManager getAbstractGoogleClient() {
+    return (AccessContextManager) super.getAbstractGoogleClient();
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setDisableGZipContent(boolean disableGZipContent) {
+    return (AccessContextManagerRequest<T>) super.setDisableGZipContent(disableGZipContent);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setRequestHeaders(com.google.api.client.http.HttpHeaders headers) {
+    return (AccessContextManagerRequest<T>) super.setRequestHeaders(headers);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> set(String parameterName, Object value) {
+    return (AccessContextManagerRequest<T>) super.set(parameterName, value);
+  }
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
new file mode 100644
index 00000000000..72585d9e6e6
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request initializer for setting properties like key and userIp.
+ *
+ * <p>
+ * The simplest usage is to use it to set the key parameter:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer KEY_INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY);
+ * </pre>
+ *
+ * <p>
+ * There is also a constructor to set both the key and userIp parameters:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY, USER_IP);
+ * </pre>
+ *
+ * <p>
+ * If you want to implement custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer extends AccessContextManagerRequestInitializer {
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Finally, to set the key and userIp parameters and insert custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer2 extends AccessContextManagerRequestInitializer {
+
+    public MyKeyRequestInitializer() {
+      super(KEY, USER_IP);
+    }
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Subclasses should be thread-safe.
+ * </p>
+ *
+ * @since 1.12
+ */
+public class AccessContextManagerRequestInitializer extends com.google.api.client.googleapis.services.json.CommonGoogleJsonClientRequestInitializer {
+
+  public AccessContextManagerRequestInitializer() {
+    super();
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key) {
+    super(key);
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   * @param userIp user IP or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key, String userIp) {
+    super(key, userIp);
+  }
+
+  @Override
+  public final void initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<?> request) throws java.io.IOException {
+    super.initializeJsonRequest(request);
+    initializeAccessContextManagerRequest((AccessContextManagerRequest<?>) request);
+  }
+
+  /**
+   * Initializes AccessContextManager request.
+   *
+   * <p>
+   * Default implementation does nothing. Called from
+   * {@link #initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest)}.
+   * </p>
+   *
+   * @throws java.io.IOException I/O exception
+   */
+  protected void initializeAccessContextManagerRequest(AccessContextManagerRequest<?> request) throws java.io.IOException {
+  }
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
new file mode 100644
index 00000000000..a24cc91248f
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Available OAuth 2.0 scopes for use with the Access Context Manager API.
+ *
+ * @since 1.4
+ */
+public class AccessContextManagerScopes {
+
+  /** View and manage your data across Google Cloud Platform services. */
+  public static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
+  /**
+   * Returns an unmodifiable set that contains all scopes declared by this class.
+   *
+   * @since 1.16
+   */
+  public static java.util.Set<String> all() {
+    java.util.Set<String> set = new java.util.HashSet<String>();
+    set.add(CLOUD_PLATFORM);
+    return java.util.Collections.unmodifiableSet(set);
+  }
+
+  private AccessContextManagerScopes() {
+  }
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
new file mode 100644
index 00000000000..e114803aaef
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
@@ -0,0 +1,194 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * An `AccessLevel` is a label that can be applied to requests to GCP services, along with a list of
+ * requirements necessary for the label to be applied.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private BasicLevel basic;
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @return value or {@code null} for none
+   */
+  public BasicLevel getBasic() {
+    return basic;
+  }
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @param basic basic or {@code null} for none
+   */
+  public AccessLevel setBasic(BasicLevel basic) {
+    this.basic = basic;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessLevel setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public AccessLevel setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public AccessLevel setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public AccessLevel setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessLevel setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessLevel set(String fieldName, Object value) {
+    return (AccessLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessLevel clone() {
+    return (AccessLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
new file mode 100644
index 00000000000..6efa50a0759
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
@@ -0,0 +1,169 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use
+ * GCP services) and `ServicePerimeters` (which define regions of services able to freely pass data
+ * within a perimeter). An access policy is globally visible within an organization, and the
+ * restrictions it specifies apply to all projects within an organization.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessPolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String parent;
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessPolicy setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @param name name or {@code null} for none
+   */
+  public AccessPolicy setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getParent() {
+    return parent;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @param parent parent or {@code null} for none
+   */
+  public AccessPolicy setParent(java.lang.String parent) {
+    this.parent = parent;
+    return this;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @param title title or {@code null} for none
+   */
+  public AccessPolicy setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessPolicy setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessPolicy set(String fieldName, Object value) {
+    return (AccessPolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessPolicy clone() {
+    return (AccessPolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
new file mode 100644
index 00000000000..061db767856
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `BasicLevel` is an `AccessLevel` using a set of recommended features.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class BasicLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String combiningFunction;
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Condition> conditions;
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getCombiningFunction() {
+    return combiningFunction;
+  }
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @param combiningFunction combiningFunction or {@code null} for none
+   */
+  public BasicLevel setCombiningFunction(java.lang.String combiningFunction) {
+    this.combiningFunction = combiningFunction;
+    return this;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Condition> getConditions() {
+    return conditions;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @param conditions conditions or {@code null} for none
+   */
+  public BasicLevel setConditions(java.util.List<Condition> conditions) {
+    this.conditions = conditions;
+    return this;
+  }
+
+  @Override
+  public BasicLevel set(String fieldName, Object value) {
+    return (BasicLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public BasicLevel clone() {
+    return (BasicLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
new file mode 100644
index 00000000000..8c5f4c2a21d
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The request message for Operations.CancelOperation.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class CancelOperationRequest extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public CancelOperationRequest set(String fieldName, Object value) {
+    return (CancelOperationRequest) super.set(fieldName, value);
+  }
+
+  @Override
+  public CancelOperationRequest clone() {
+    return (CancelOperationRequest) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
new file mode 100644
index 00000000000..dcca9056144
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its
+ * fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2)
+ * the originating device complies with the listed device policy AND 3) all listed access levels are
+ * granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Condition extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private DevicePolicy devicePolicy;
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> ipSubnetworks;
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> members;
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean negate;
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> requiredAccessLevels;
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @return value or {@code null} for none
+   */
+  public DevicePolicy getDevicePolicy() {
+    return devicePolicy;
+  }
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @param devicePolicy devicePolicy or {@code null} for none
+   */
+  public Condition setDevicePolicy(DevicePolicy devicePolicy) {
+    this.devicePolicy = devicePolicy;
+    return this;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getIpSubnetworks() {
+    return ipSubnetworks;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @param ipSubnetworks ipSubnetworks or {@code null} for none
+   */
+  public Condition setIpSubnetworks(java.util.List<java.lang.String> ipSubnetworks) {
+    this.ipSubnetworks = ipSubnetworks;
+    return this;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getMembers() {
+    return members;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @param members members or {@code null} for none
+   */
+  public Condition setMembers(java.util.List<java.lang.String> members) {
+    this.members = members;
+    return this;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getNegate() {
+    return negate;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @param negate negate or {@code null} for none
+   */
+  public Condition setNegate(java.lang.Boolean negate) {
+    this.negate = negate;
+    return this;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRequiredAccessLevels() {
+    return requiredAccessLevels;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @param requiredAccessLevels requiredAccessLevels or {@code null} for none
+   */
+  public Condition setRequiredAccessLevels(java.util.List<java.lang.String> requiredAccessLevels) {
+    this.requiredAccessLevels = requiredAccessLevels;
+    return this;
+  }
+
+  @Override
+  public Condition set(String fieldName, Object value) {
+    return (Condition) super.set(fieldName, value);
+  }
+
+  @Override
+  public Condition clone() {
+    return (Condition) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
new file mode 100644
index 00000000000..b1dc97483f0
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `DevicePolicy` specifies device specific restrictions necessary to acquire a given access level.
+ * A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it
+ * does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified
+ * fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For
+ * example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status:
+ * ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux
+ * desktops and encrypted Windows desktops.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class DevicePolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedDeviceManagementLevels;
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedEncryptionStatuses;
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<OsConstraint> osConstraints;
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean requireScreenlock;
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedDeviceManagementLevels() {
+    return allowedDeviceManagementLevels;
+  }
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @param allowedDeviceManagementLevels allowedDeviceManagementLevels or {@code null} for none
+   */
+  public DevicePolicy setAllowedDeviceManagementLevels(java.util.List<java.lang.String> allowedDeviceManagementLevels) {
+    this.allowedDeviceManagementLevels = allowedDeviceManagementLevels;
+    return this;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedEncryptionStatuses() {
+    return allowedEncryptionStatuses;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @param allowedEncryptionStatuses allowedEncryptionStatuses or {@code null} for none
+   */
+  public DevicePolicy setAllowedEncryptionStatuses(java.util.List<java.lang.String> allowedEncryptionStatuses) {
+    this.allowedEncryptionStatuses = allowedEncryptionStatuses;
+    return this;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<OsConstraint> getOsConstraints() {
+    return osConstraints;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @param osConstraints osConstraints or {@code null} for none
+   */
+  public DevicePolicy setOsConstraints(java.util.List<OsConstraint> osConstraints) {
+    this.osConstraints = osConstraints;
+    return this;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getRequireScreenlock() {
+    return requireScreenlock;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @param requireScreenlock requireScreenlock or {@code null} for none
+   */
+  public DevicePolicy setRequireScreenlock(java.lang.Boolean requireScreenlock) {
+    this.requireScreenlock = requireScreenlock;
+    return this;
+  }
+
+  @Override
+  public DevicePolicy set(String fieldName, Object value) {
+    return (DevicePolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public DevicePolicy clone() {
+    return (DevicePolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
new file mode 100644
index 00000000000..06e257a53ec
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A generic empty message that you can re-use to avoid defining duplicated empty messages in your
+ * APIs. A typical example is to use it as the request or the response type of an API method. For
+ * instance:
+ *
+ *     service Foo {       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);     }
+ *
+ * The JSON representation for `Empty` is empty JSON object `{}`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Empty extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public Empty set(String fieldName, Object value) {
+    return (Empty) super.set(fieldName, value);
+  }
+
+  @Override
+  public Empty clone() {
+    return (Empty) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
new file mode 100644
index 00000000000..2d1a52a0e16
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessLevelsRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessLevelsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the Access Level instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessLevel> accessLevels;
+
+  static {
+    // hack to force ProGuard to consider AccessLevel used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessLevel.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Access Level instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessLevel> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * List of the Access Level instances.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ListAccessLevelsResponse setAccessLevels(java.util.List<AccessLevel> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessLevelsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessLevelsResponse set(String fieldName, Object value) {
+    return (ListAccessLevelsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessLevelsResponse clone() {
+    return (ListAccessLevelsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
new file mode 100644
index 00000000000..ef181c0d354
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessPoliciesRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessPoliciesResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the AccessPolicy instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessPolicy> accessPolicies;
+
+  static {
+    // hack to force ProGuard to consider AccessPolicy used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessPolicy.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the AccessPolicy instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessPolicy> getAccessPolicies() {
+    return accessPolicies;
+  }
+
+  /**
+   * List of the AccessPolicy instances.
+   * @param accessPolicies accessPolicies or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setAccessPolicies(java.util.List<AccessPolicy> accessPolicies) {
+    this.accessPolicies = accessPolicies;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessPoliciesResponse set(String fieldName, Object value) {
+    return (ListAccessPoliciesResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessPoliciesResponse clone() {
+    return (ListAccessPoliciesResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
new file mode 100644
index 00000000000..c7d23609cff
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The response message for Operations.ListOperations.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListOperationsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The standard List next-page token.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Operation> operations;
+
+  /**
+   * The standard List next-page token.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The standard List next-page token.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListOperationsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Operation> getOperations() {
+    return operations;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @param operations operations or {@code null} for none
+   */
+  public ListOperationsResponse setOperations(java.util.List<Operation> operations) {
+    this.operations = operations;
+    return this;
+  }
+
+  @Override
+  public ListOperationsResponse set(String fieldName, Object value) {
+    return (ListOperationsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListOperationsResponse clone() {
+    return (ListOperationsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
new file mode 100644
index 00000000000..9071e1ef6b6
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListServicePerimetersRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListServicePerimetersResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Service Perimeter instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<ServicePerimeter> servicePerimeters;
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListServicePerimetersResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<ServicePerimeter> getServicePerimeters() {
+    return servicePerimeters;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @param servicePerimeters servicePerimeters or {@code null} for none
+   */
+  public ListServicePerimetersResponse setServicePerimeters(java.util.List<ServicePerimeter> servicePerimeters) {
+    this.servicePerimeters = servicePerimeters;
+    return this;
+  }
+
+  @Override
+  public ListServicePerimetersResponse set(String fieldName, Object value) {
+    return (ListServicePerimetersResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListServicePerimetersResponse clone() {
+    return (ListServicePerimetersResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
new file mode 100644
index 00000000000..7dc4533df21
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * This resource represents a long-running operation that is the result of a network API call.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Operation extends com.google.api.client.json.GenericJson {
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean done;
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private Status error;
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> metadata;
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> response;
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getDone() {
+    return done;
+  }
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @param done done or {@code null} for none
+   */
+  public Operation setDone(java.lang.Boolean done) {
+    this.done = done;
+    return this;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @return value or {@code null} for none
+   */
+  public Status getError() {
+    return error;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @param error error or {@code null} for none
+   */
+  public Operation setError(Status error) {
+    this.error = error;
+    return this;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getMetadata() {
+    return metadata;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @param metadata metadata or {@code null} for none
+   */
+  public Operation setMetadata(java.util.Map<String, java.lang.Object> metadata) {
+    this.metadata = metadata;
+    return this;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @param name name or {@code null} for none
+   */
+  public Operation setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getResponse() {
+    return response;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @param response response or {@code null} for none
+   */
+  public Operation setResponse(java.util.Map<String, java.lang.Object> response) {
+    this.response = response;
+    return this;
+  }
+
+  @Override
+  public Operation set(String fieldName, Object value) {
+    return (Operation) super.set(fieldName, value);
+  }
+
+  @Override
+  public Operation clone() {
+    return (Operation) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
new file mode 100644
index 00000000000..db6ef9f2889
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A restriction on the OS type and version of devices making requests.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class OsConstraint extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String minimumVersion;
+
+  /**
+   * Required. The allowed OS type.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String osType;
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMinimumVersion() {
+    return minimumVersion;
+  }
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @param minimumVersion minimumVersion or {@code null} for none
+   */
+  public OsConstraint setMinimumVersion(java.lang.String minimumVersion) {
+    this.minimumVersion = minimumVersion;
+    return this;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getOsType() {
+    return osType;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @param osType osType or {@code null} for none
+   */
+  public OsConstraint setOsType(java.lang.String osType) {
+    this.osType = osType;
+    return this;
+  }
+
+  @Override
+  public OsConstraint set(String fieldName, Object value) {
+    return (OsConstraint) super.set(fieldName, value);
+  }
+
+  @Override
+  public OsConstraint clone() {
+    return (OsConstraint) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
new file mode 100644
index 00000000000..17c2c7a3a29
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
@@ -0,0 +1,235 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeter` describes a set of GCP resources which can freely import and export data
+ * amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source
+ * within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will
+ * be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular
+ * and Bridge. Regular Service Perimeters cannot overlap, a single GCP project can only belong to a
+ * single regular Service Perimeter. Service Perimeter Bridges can contain only GCP projects as
+ * members, a single GCP project may belong to multiple Service Perimeter Bridges.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeter extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String perimeterType;
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private ServicePerimeterConfig status;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public ServicePerimeter setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public ServicePerimeter setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public ServicePerimeter setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getPerimeterType() {
+    return perimeterType;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @param perimeterType perimeterType or {@code null} for none
+   */
+  public ServicePerimeter setPerimeterType(java.lang.String perimeterType) {
+    this.perimeterType = perimeterType;
+    return this;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @return value or {@code null} for none
+   */
+  public ServicePerimeterConfig getStatus() {
+    return status;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @param status status or {@code null} for none
+   */
+  public ServicePerimeter setStatus(ServicePerimeterConfig status) {
+    this.status = status;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public ServicePerimeter setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public ServicePerimeter setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeter set(String fieldName, Object value) {
+    return (ServicePerimeter) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeter clone() {
+    return (ServicePerimeter) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
new file mode 100644
index 00000000000..11d6fb42e5d
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeterConfig` specifies a set of GCP resources that describe specific Service
+ * Perimeter configuration.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeterConfig extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> accessLevels;
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> resources;
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> restrictedServices;
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ServicePerimeterConfig setAccessLevels(java.util.List<java.lang.String> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getResources() {
+    return resources;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @param resources resources or {@code null} for none
+   */
+  public ServicePerimeterConfig setResources(java.util.List<java.lang.String> resources) {
+    this.resources = resources;
+    return this;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRestrictedServices() {
+    return restrictedServices;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @param restrictedServices restrictedServices or {@code null} for none
+   */
+  public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
+    this.restrictedServices = restrictedServices;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeterConfig set(String fieldName, Object value) {
+    return (ServicePerimeterConfig) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeterConfig clone() {
+    return (ServicePerimeterConfig) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
new file mode 100644
index 00000000000..c8fddc1b6b2
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
@@ -0,0 +1,168 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The `Status` type defines a logical error model that is suitable for different programming
+ * environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc).
+ * The error model is designed to be:
+ *
+ * - Simple to use and understand for most users - Flexible enough to meet unexpected needs
+ *
+ * # Overview
+ *
+ * The `Status` message contains three pieces of data: error code, error message, and error details.
+ * The error code should be an enum value of google.rpc.Code, but it may accept additional error
+ * codes if needed.  The error message should be a developer-facing English message that helps
+ * developers *understand* and *resolve* the error. If a localized user-facing error message is
+ * needed, put the localized message in the error details or localize it in the client. The optional
+ * error details may contain arbitrary information about the error. There is a predefined set of
+ * error detail types in the package `google.rpc` that can be used for common error conditions.
+ *
+ * # Language mapping
+ *
+ * The `Status` message is the logical representation of the error model, but it is not necessarily
+ * the actual wire format. When the `Status` message is exposed in different client libraries and
+ * different wire protocols, it can be mapped differently. For example, it will likely be mapped to
+ * some exceptions in Java, but more likely mapped to some error codes in C.
+ *
+ * # Other uses
+ *
+ * The error model and the `Status` message can be used in a variety of environments, either with or
+ * without APIs, to provide a consistent developer experience across different environments.
+ *
+ * Example uses of this error model include:
+ *
+ * - Partial errors. If a service needs to return partial errors to the client,     it may embed the
+ * `Status` in the normal response to indicate the partial     errors.
+ *
+ * - Workflow errors. A typical workflow has multiple steps. Each step may     have a `Status`
+ * message for error reporting.
+ *
+ * - Batch operations. If a client uses batch request and batch response, the     `Status` message
+ * should be used directly inside batch response, one for     each error sub-response.
+ *
+ * - Asynchronous operations. If an API call embeds asynchronous operation     results in its
+ * response, the status of those operations should be     represented directly using the `Status`
+ * message.
+ *
+ * - Logging. If some API errors are stored in logs, the message `Status` could     be used directly
+ * after any stripping needed for security/privacy reasons.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Status extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Integer code;
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.util.Map<String, java.lang.Object>> details;
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String message;
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Integer getCode() {
+    return code;
+  }
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @param code code or {@code null} for none
+   */
+  public Status setCode(java.lang.Integer code) {
+    this.code = code;
+    return this;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.util.Map<String, java.lang.Object>> getDetails() {
+    return details;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @param details details or {@code null} for none
+   */
+  public Status setDetails(java.util.List<java.util.Map<String, java.lang.Object>> details) {
+    this.details = details;
+    return this;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMessage() {
+    return message;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @param message message or {@code null} for none
+   */
+  public Status setMessage(java.lang.String message) {
+    this.message = message;
+    return this;
+  }
+
+  @Override
+  public Status set(String fieldName, Object value) {
+    return (Status) super.set(fieldName, value);
+  }
+
+  @Override
+  public Status clone() {
+    return (Status) super.clone();
+  }
+
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/pom.xml b/clients/1.27.0/google-api-services-accesscontextmanager/v1/pom.xml
new file mode 100644
index 00000000000..078e3bd3669
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/pom.xml
@@ -0,0 +1,142 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.sonatype.oss</groupId>
+    <artifactId>oss-parent</artifactId>
+    <version>7</version>
+  </parent>
+
+  <groupId>com.google.apis</groupId>
+  <artifactId>google-api-services-accesscontextmanager</artifactId>
+  <version>v1-rev20190306-1.27.0</version>
+  <name>Access Context Manager API v1-rev20190306-1.27.0</name>
+  <packaging>jar</packaging>
+
+  <inceptionYear>2011</inceptionYear>
+
+  <organization>
+    <name>Google</name>
+    <url>http://www.google.com/</url>
+  </organization>
+
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+
+  <distributionManagement>
+    <snapshotRepository>
+      <id>ossrh</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+    </snapshotRepository>
+  </distributionManagement>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.5.1</version>
+        <configuration>
+          <source>1.6</source>
+          <target>1.6</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.sonatype.plugins</groupId>
+        <artifactId>nexus-staging-maven-plugin</artifactId>
+        <version>1.6.5</version>
+        <extensions>true</extensions>
+        <configuration>
+          <serverId>ossrh</serverId>
+          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+          <autoReleaseAfterClose>true</autoReleaseAfterClose>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>2.2.1</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-javadoc-plugin</artifactId>
+        <version>2.9.1</version>
+        <executions>
+          <execution>
+            <id>attach-javadocs</id>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <doctitle>Access Context Manager API ${project.version}</doctitle>
+          <windowtitle>Access Context Manager API ${project.version}</windowtitle>
+          <links>
+            <link>http://docs.oracle.com/javase/6/docs/api</link>
+            <link>https://google.github.io/google-http-java-client/releases/1.27.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-oauth-java-client/releases/1.27.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-api-java-client/releases/1.27.0/javadoc/index.html</link>
+          </links>
+        </configuration>
+      </plugin>
+    </plugins>
+    <sourceDirectory>.</sourceDirectory>
+    <resources>
+      <resource>
+        <directory>./resources</directory>
+      </resource>
+    </resources>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>1.27.0</version>
+    </dependency>
+  </dependencies>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <profiles>
+    <profile>
+      <id>release-sign-artifacts</id>
+      <activation>
+        <property>
+          <name>performRelease</name>
+          <value>true</value>
+        </property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>1.6</version>
+            <executions>
+              <execution>
+                <id>sign-artifacts</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+                <configuration>
+                  <gpgArguments>
+                    <arg>--pinentry-mode</arg>
+                    <arg>loopback</arg>
+                  </gpgArguments>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>
\ No newline at end of file
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json b/clients/1.27.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
new file mode 100644
index 00000000000..0c17e656588
--- /dev/null
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
@@ -0,0 +1,1131 @@
+{
+  "version_module": true,
+  "schemas": {
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        },
+        "combiningFunction": {
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ],
+          "enum": [
+            "AND",
+            "OR"
+          ]
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListServicePerimetersResponse"
+    },
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
+    },
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        },
+        "allowedEncryptionStatuses": {
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ]
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        }
+      },
+      "id": "DevicePolicy"
+    },
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "description": "A `BasicLevel` composed of `Conditions`.",
+          "$ref": "BasicLevel"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
+    },
+    "CancelOperationRequest": {
+      "description": "The request message for Operations.CancelOperation.",
+      "type": "object",
+      "properties": {},
+      "id": "CancelOperationRequest"
+    },
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
+    },
+    "Operation": {
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object",
+      "properties": {
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        },
+        "response": {
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        }
+      },
+      "id": "Operation"
+    },
+    "Status": {
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        }
+      },
+      "id": "Status"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n    service Foo {\n      rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n    }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
+      "type": "object",
+      "properties": {},
+      "id": "Empty"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        },
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object",
+      "properties": {
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
+          "type": "string"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries.",
+          "$ref": "ServicePerimeterConfig"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter"
+    },
+    "Condition": {
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object",
+      "properties": {
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "$ref": "DevicePolicy",
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
+        }
+      },
+      "id": "Condition"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessLevels": {
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ListOperationsResponse": {
+      "description": "The response message for Operations.ListOperations.",
+      "type": "object",
+      "properties": {
+        "operations": {
+          "description": "A list of operations that matches the specified filter in the request.",
+          "type": "array",
+          "items": {
+            "$ref": "Operation"
+          }
+        },
+        "nextPageToken": {
+          "description": "The standard List next-page token.",
+          "type": "string"
+        }
+      },
+      "id": "ListOperationsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. For\nexample, if `storage.googleapis.com` is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    }
+  },
+  "protocol": "rest",
+  "icons": {
+    "x32": "http://www.google.com/images/icons/product/search-32.gif",
+    "x16": "http://www.google.com/images/icons/product/search-16.gif"
+  },
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
+        }
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "list": {
+          "description": "Lists operations that match the specified filter in the request. If the\nserver doesn't support this method, it returns `UNIMPLEMENTED`.\n\nNOTE: the `name` binding allows API services to override the binding\nto use different resource name schemes, such as `users/*/operations`. To\noverride the binding, API services can add a binding such as\n`\"/v1/{name=users/*}/operations\"` to their service configuration.\nFor backwards compatibility, the default name includes the operations\ncollection id, however overriding users must ensure the name binding\nis the parent resource, without the operations collection id.",
+          "response": {
+            "$ref": "ListOperationsResponse"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "pageSize": {
+              "location": "query",
+              "description": "The standard list page size.",
+              "format": "int32",
+              "type": "integer"
+            },
+            "filter": {
+              "description": "The standard list filter.",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "The name of the operation's parent resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations$",
+              "location": "path"
+            },
+            "pageToken": {
+              "location": "query",
+              "description": "The standard list page token.",
+              "type": "string"
+            }
+          },
+          "flatPath": "v1/operations",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.list"
+        },
+        "get": {
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/operations/{operationsId}",
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1/{+name}"
+        },
+        "cancel": {
+          "flatPath": "v1/operations/{operationsId}:cancel",
+          "path": "v1/{+name}:cancel",
+          "id": "accesscontextmanager.operations.cancel",
+          "description": "Starts asynchronous cancellation on a long-running operation.  The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed.  If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`.  Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
+          "request": {
+            "$ref": "CancelOperationRequest"
+          },
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "POST",
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource to be cancelled.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "delete": {
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "The name of the operation resource to be deleted.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$"
+            }
+          },
+          "flatPath": "v1/operations/{operationsId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.delete",
+          "description": "Deletes a long-running operation. This method indicates that the client is\nno longer interested in the operation result. It does not cancel the\noperation. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`."
+        }
+      }
+    },
+    "accessPolicies": {
+      "methods": {
+        "list": {
+          "flatPath": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "path": "v1/accessPolicies",
+          "description": "List all AccessPolicies under a\ncontainer.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "parameters": {
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            },
+            "pageToken": {
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "get": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name.",
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "patch": {
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "httpMethod": "PATCH",
+          "parameterOrder": [
+            "name"
+          ],
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "updateMask": {
+              "location": "query",
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "path": "v1/{+name}"
+        },
+        "create": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies",
+          "path": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create",
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "delete": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        }
+      },
+      "resources": {
+        "servicePerimeters": {
+          "methods": {
+            "list": {
+              "description": "List all Service Perimeters for an\naccess policy.",
+              "response": {
+                "$ref": "ListServicePerimetersResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list"
+            },
+            "get": {
+              "response": {
+                "$ref": "ServicePerimeter"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
+              "description": "Get an Service Perimeter by resource\nname."
+            },
+            "patch": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered."
+            },
+            "create": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered."
+            },
+            "delete": {
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete"
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "list": {
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "path": "v1/{+parent}/accessLevels",
+              "description": "List all Access Levels for an access\npolicy.",
+              "httpMethod": "GET",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageToken": {
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
+            },
+            "patch": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
+            },
+            "create": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "path": "v1/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create"
+            },
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            }
+          }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true",
+      "location": "query"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "$.xgafv": {
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string"
+    },
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "type": "string",
+      "location": "query"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string",
+      "location": "query"
+    }
+  },
+  "version": "v1",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "servicePath": "",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "kind": "discovery#restDescription",
+  "basePath": "",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "id": "accesscontextmanager:v1",
+  "revision": "20190306",
+  "discoveryVersion": "v1"
+}
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
index 259e5c2b643..c54d66c23ce 100644
--- a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
@@ -53,32 +53,20 @@ public final class ServicePerimeterConfig extends com.google.api.client.json.Gen
   private java.util.List<java.lang.String> resources;
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.util.List<java.lang.String> restrictedServices;
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -133,16 +121,9 @@ public ServicePerimeterConfig setResources(java.util.List<java.lang.String> reso
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getRestrictedServices() {
@@ -150,16 +131,9 @@ public java.util.List<java.lang.String> getRestrictedServices() {
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @param restrictedServices restrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
@@ -168,16 +142,11 @@ public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.Str
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getUnrestrictedServices() {
@@ -185,16 +154,11 @@ public java.util.List<java.lang.String> getUnrestrictedServices() {
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @param unrestrictedServices unrestrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setUnrestrictedServices(java.util.List<java.lang.String> unrestrictedServices) {
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/pom.xml b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/pom.xml
index 3c673246b60..2c43f48ca85 100644
--- a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/pom.xml
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/pom.xml
@@ -8,8 +8,8 @@
 
   <groupId>com.google.apis</groupId>
   <artifactId>google-api-services-accesscontextmanager</artifactId>
-  <version>v1beta-rev20190204-1.27.0</version>
-  <name>Access Context Manager API v1beta-rev20190204-1.27.0</name>
+  <version>v1beta-rev20190306-1.27.0</version>
+  <name>Access Context Manager API v1beta-rev20190306-1.27.0</name>
   <packaging>jar</packaging>
 
   <inceptionYear>2011</inceptionYear>
diff --git a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
index 3b26d87c832..e77baff584a 100644
--- a/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
+++ b/clients/1.27.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
@@ -1,616 +1,217 @@
 {
-  "id": "accesscontextmanager:v1beta",
-  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
-  "revision": "20190204",
-  "discoveryVersion": "v1",
-  "version_module": true,
-  "schemas": {
-    "Status": {
-      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
-      "type": "object",
-      "properties": {
-        "message": {
-          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
-          "type": "string"
-        },
-        "details": {
-          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
-          "type": "array",
-          "items": {
-            "additionalProperties": {
-              "description": "Properties of the object. Contains field @type with type URL.",
-              "type": "any"
-            },
-            "type": "object"
-          }
-        },
-        "code": {
-          "description": "The status code, which should be an enum value of google.rpc.Code.",
-          "format": "int32",
-          "type": "integer"
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
         }
-      },
-      "id": "Status"
-    },
-    "OsConstraint": {
-      "description": "A restriction on the OS type and version of devices making requests.",
-      "type": "object",
-      "properties": {
-        "minimumVersion": {
-          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
-          "type": "string"
-        },
-        "osType": {
-          "description": "Required. The allowed OS type.",
-          "type": "string",
-          "enumDescriptions": [
-            "The operating system of the device is not specified or not known.",
-            "A desktop Mac operating system.",
-            "A desktop Windows operating system.",
-            "A desktop Linux operating system.",
-            "A desktop ChromeOS operating system.",
-            "An Android operating system.",
-            "An iOS operating system."
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "get": {
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1beta/{+name}",
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "OS_UNSPECIFIED",
-            "DESKTOP_MAC",
-            "DESKTOP_WINDOWS",
-            "DESKTOP_LINUX",
-            "DESKTOP_CHROME_OS",
-            "ANDROID",
-            "IOS"
-          ]
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "name": {
+              "pattern": "^operations/.+$",
+              "location": "path",
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/operations/{operationsId}"
         }
-      },
-      "id": "OsConstraint"
+      }
     },
-    "ServicePerimeter": {
-      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "status": {
-          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries.",
-          "$ref": "ServicePerimeterConfig"
+    "accessPolicies": {
+      "methods": {
+        "delete": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage."
         },
-        "updateTime": {
-          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
+        "list": {
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "httpMethod": "GET",
+          "parameters": {
+            "pageToken": {
+              "location": "query",
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "description": "List all AccessPolicies under a\ncontainer."
         },
-        "name": {
-          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
-          "type": "string"
+        "get": {
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name."
         },
-        "perimeterType": {
-          "enumDescriptions": [
-            "Regular Perimeter.",
-            "Perimeter Bridge."
+        "patch": {
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "PERIMETER_TYPE_REGULAR",
-            "PERIMETER_TYPE_BRIDGE"
+          "httpMethod": "PATCH",
+          "parameters": {
+            "updateMask": {
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
           ],
-          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
-          "type": "string"
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}"
         },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "ServicePerimeter"
-    },
-    "ServicePerimeterConfig": {
-      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
-      "type": "object",
-      "properties": {
-        "resources": {
-          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "unrestrictedServices": {
-          "description": "GCP services that are not subject to the Service Perimeter restrictions.\nMay contain a list of services or a single wildcard \"*\". For example, if\n`logging.googleapis.com` is unrestricted, users can access logs inside the\nperimeter as if the perimeter doesn't exist, and it also means VMs inside\nthe perimeter can access logs outside the perimeter.\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted. One of\nthe fields \"restricted_services\", \"unrestricted_services\" must contain a\nwildcard \"*\", otherwise the Service Perimeter specification is invalid. It\nalso means that both field being empty is invalid as well.\n\"unrestricted_services\" can be empty if and only if \"restricted_services\"\nlist contains a \"*\" wildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "accessLevels": {
-          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "restrictedServices": {
-          "description": "GCP services that are subject to the Service Perimeter restrictions. May\ncontain a list of services or a single wildcard \"*\". For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.\n\nWildcard means that unless explicitly specified by \"unrestricted_services\"\nlist, any service is treated as restricted. One of the fields\n\"restricted_services\", \"unrestricted_services\" must contain a wildcard \"*\",\notherwise the Service Perimeter specification is invalid. It also means\nthat both field being empty is invalid as well. \"restricted_services\" can\nbe empty if and only if \"unrestricted_services\" list contains a \"*\"\nwildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      },
-      "id": "ServicePerimeterConfig"
-    },
-    "ListAccessLevelsResponse": {
-      "description": "A response to `ListAccessLevelsRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessLevels": {
-          "description": "List of the Access Level instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessLevel"
-          }
-        }
-      },
-      "id": "ListAccessLevelsResponse"
-    },
-    "Condition": {
-      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
-      "type": "object",
-      "properties": {
-        "devicePolicy": {
-          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
-          "$ref": "DevicePolicy"
-        },
-        "members": {
-          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "ipSubnetworks": {
-          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "requiredAccessLevels": {
-          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "negate": {
-          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
-          "type": "boolean"
-        }
-      },
-      "id": "Condition"
-    },
-    "BasicLevel": {
-      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
-      "type": "object",
-      "properties": {
-        "combiningFunction": {
-          "enumDescriptions": [
-            "All `Conditions` must be true for the `BasicLevel` to be true.",
-            "If at least one `Condition` is true, then the `BasicLevel` is true."
-          ],
-          "enum": [
-            "AND",
-            "OR"
-          ],
-          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
-          "type": "string"
-        },
-        "conditions": {
-          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
-          "type": "array",
-          "items": {
-            "$ref": "Condition"
-          }
-        }
-      },
-      "id": "BasicLevel"
-    },
-    "ListAccessPoliciesResponse": {
-      "description": "A response to `ListAccessPoliciesRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessPolicies": {
-          "description": "List of the AccessPolicy instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessPolicy"
-          }
-        }
-      },
-      "id": "ListAccessPoliciesResponse"
-    },
-    "ListServicePerimetersResponse": {
-      "description": "A response to `ListServicePerimetersRequest`.",
-      "type": "object",
-      "properties": {
-        "servicePerimeters": {
-          "description": "List of the Service Perimeter instances.",
-          "type": "array",
-          "items": {
-            "$ref": "ServicePerimeter"
-          }
-        },
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        }
-      },
-      "id": "ListServicePerimetersResponse"
-    },
-    "DevicePolicy": {
-      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
-      "type": "object",
-      "properties": {
-        "allowedEncryptionStatuses": {
-          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "ENCRYPTION_UNSPECIFIED",
-              "ENCRYPTION_UNSUPPORTED",
-              "UNENCRYPTED",
-              "ENCRYPTED"
-            ],
-            "type": "string"
-          },
-          "enumDescriptions": [
-            "The encryption status of the device is not specified or not known.",
-            "The device does not support encryption.",
-            "The device supports encryption, but is currently unencrypted.",
-            "The device is encrypted."
-          ]
-        },
-        "requireScreenlock": {
-          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
-          "type": "boolean"
-        },
-        "allowedDeviceManagementLevels": {
-          "enumDescriptions": [
-            "The device's management level is not specified or not known.",
-            "The device is not managed.",
-            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
-            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
-          ],
-          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "MANAGEMENT_UNSPECIFIED",
-              "NONE",
-              "BASIC",
-              "COMPLETE"
-            ],
-            "type": "string"
-          }
-        },
-        "osConstraints": {
-          "description": "Allowed OS versions, an empty list allows all types and all versions.",
-          "type": "array",
-          "items": {
-            "$ref": "OsConstraint"
-          }
-        }
-      },
-      "id": "DevicePolicy"
-    },
-    "AccessLevel": {
-      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessLevel` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "basic": {
-          "description": "A `BasicLevel` composed of `Conditions`.",
-          "$ref": "BasicLevel"
-        },
-        "name": {
-          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-          "type": "string"
-        },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "AccessLevel"
-    },
-    "AccessPolicy": {
-      "properties": {
-        "parent": {
-          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "title": {
-          "description": "Required. Human readable title. Does not affect behavior.",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "name": {
-          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-          "type": "string"
-        }
-      },
-      "id": "AccessPolicy",
-      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
-      "type": "object"
-    },
-    "Operation": {
-      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
-      "type": "object",
-      "properties": {
-        "done": {
-          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
-          "type": "boolean"
-        },
-        "response": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
-          "type": "object"
-        },
-        "name": {
-          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
-          "type": "string"
-        },
-        "error": {
-          "$ref": "Status",
-          "description": "The error result of the operation in case of failure or cancellation."
-        },
-        "metadata": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
-          "type": "object"
-        }
-      },
-      "id": "Operation"
-    }
-  },
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "protocol": "rest",
-  "canonicalName": "Access Context Manager",
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/cloud-platform": {
-          "description": "View and manage your data across Google Cloud Platform services"
-        }
-      }
-    }
-  },
-  "rootUrl": "https://accesscontextmanager.googleapis.com/",
-  "ownerDomain": "google.com",
-  "name": "accesscontextmanager",
-  "batchPath": "batch",
-  "fullyEncodeReservedExpansion": true,
-  "title": "Access Context Manager API",
-  "ownerName": "Google",
-  "resources": {
-    "operations": {
-      "methods": {
-        "get": {
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "name": {
-              "pattern": "^operations/.+$",
-              "location": "path",
-              "description": "The name of the operation resource.",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "flatPath": "v1beta/operations/{operationsId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.operations.get",
-          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice."
-        }
-      }
-    },
-    "accessPolicies": {
-      "methods": {
-        "delete": {
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "id": "accesscontextmanager.accessPolicies.delete",
-          "path": "v1beta/{+name}",
-          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
-          "httpMethod": "DELETE",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "parameters": {
-            "name": {
-              "location": "path",
-              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ]
-        },
-        "list": {
-          "description": "List all AccessPolicies under a\ncontainer.",
-          "response": {
-            "$ref": "ListAccessPoliciesResponse"
-          },
-          "parameterOrder": [],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "pageSize": {
-              "location": "query",
-              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
-              "format": "int32",
-              "type": "integer"
-            },
-            "parent": {
-              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
-              "type": "string",
-              "location": "query"
-            },
-            "pageToken": {
-              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
-              "type": "string",
-              "location": "query"
-            }
-          },
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.list"
-        },
-        "get": {
-          "description": "Get an AccessPolicy by name.",
-          "response": {
-            "$ref": "AccessPolicy"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "parameters": {
-            "name": {
-              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.get"
-        },
-        "patch": {
-          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "PATCH",
-          "parameters": {
-            "name": {
-              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            },
-            "updateMask": {
-              "location": "query",
-              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
-              "format": "google-fieldmask",
-              "type": "string"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.patch"
-        },
-        "create": {
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [],
-          "httpMethod": "POST",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {},
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.create"
+        "create": {
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create"
         }
       },
       "resources": {
         "servicePerimeters": {
           "methods": {
+            "delete": {
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}"
+            },
             "list": {
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
-              "description": "List all Service Perimeters for an\naccess policy.",
               "response": {
                 "$ref": "ListServicePerimetersResponse"
               },
@@ -618,16 +219,7 @@
                 "parent"
               ],
               "httpMethod": "GET",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "parameters": {
-                "pageSize": {
-                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
                 "parent": {
                   "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
@@ -636,14 +228,27 @@
                   "location": "path"
                 },
                 "pageToken": {
-                  "location": "query",
                   "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
-                  "type": "string"
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters"
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
+              "description": "List all Service Perimeters for an\naccess policy."
             },
             "get": {
+              "description": "Get an Service Perimeter by resource\nname.",
               "response": {
                 "$ref": "ServicePerimeter"
               },
@@ -651,35 +256,34 @@
                 "name"
               ],
               "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
               "parameters": {
                 "name": {
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
-                  "location": "path",
                   "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
                   "required": true,
-                  "type": "string"
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
                 }
               },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
               "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
-              "description": "Get an Service Perimeter by resource\nname."
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get"
             },
             "patch": {
               "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
               "request": {
                 "$ref": "ServicePerimeter"
               },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
               "response": {
                 "$ref": "Operation"
               },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
               "parameters": {
                 "updateMask": {
                   "description": "Required. Mask to control which fields get updated. Must be non-empty.",
@@ -688,331 +292,723 @@
                   "location": "query"
                 },
                 "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
                   "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch"
+            },
+            "create": {
+              "httpMethod": "POST",
+              "parameterOrder": [
+                "parent"
+              ],
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameters": {
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+              "request": {
+                "$ref": "ServicePerimeter"
+              }
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path",
-                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            },
+            "list": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "description": "List all Access Levels for an access\npolicy.",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "parent": {
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string"
+                },
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
+                  "location": "path"
+                },
+                "accessLevelFormat": {
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
-              "path": "v1beta/{+name}"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
             },
-            "create": {
-              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+            "patch": {
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "request": {
-                "$ref": "ServicePerimeter"
+                "$ref": "AccessLevel"
               },
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "parent"
+                "name"
               ],
-              "httpMethod": "POST",
+              "httpMethod": "PATCH",
               "parameters": {
-                "parent": {
-                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                "name": {
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path"
+                },
+                "updateMask": {
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
             },
-            "delete": {
+            "create": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "name"
+                "parent"
               ],
-              "httpMethod": "DELETE",
+              "httpMethod": "POST",
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
               "parameters": {
-                "name": {
-                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+$",
                   "location": "path"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
-              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage."
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
             }
           }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "key": {
+      "location": "query",
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string"
+    },
+    "access_token": {
+      "location": "query",
+      "description": "OAuth access token.",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "location": "query",
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "location": "query",
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "location": "query",
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string"
+    },
+    "$.xgafv": {
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string",
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    }
+  },
+  "version": "v1beta",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "kind": "discovery#restDescription",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "servicePath": "",
+  "basePath": "",
+  "id": "accesscontextmanager:v1beta",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "revision": "20190306",
+  "discoveryVersion": "v1",
+  "version_module": true,
+  "schemas": {
+    "Status": {
+      "properties": {
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        },
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "id": "Status",
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        },
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "properties": {
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "ServicePerimeterConfig",
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries."
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        },
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter",
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object"
+    },
+    "Condition": {
+      "properties": {
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
+          "$ref": "DevicePolicy"
+        },
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "Condition",
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         },
         "accessLevels": {
-          "methods": {
-            "delete": {
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "DELETE",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "parameters": {
-                "name": {
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string"
-                }
-              },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.delete",
-              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage."
-            },
-            "list": {
-              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "List all Access Levels for an access\npolicy.",
-              "httpMethod": "GET",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "ListAccessLevelsResponse"
-              },
-              "parameters": {
-                "pageSize": {
-                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
-                  "type": "string"
-                },
-                "parent": {
-                  "pattern": "^accessPolicies/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string"
-                },
-                "pageToken": {
-                  "location": "query",
-                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
-            },
-            "get": {
-              "description": "Get an Access Level by resource\nname.",
-              "response": {
-                "$ref": "AccessLevel"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "GET",
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
-            },
-            "patch": {
-              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "updateMask": {
-                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
-                  "format": "google-fieldmask",
-                  "type": "string",
-                  "location": "query"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.patch",
-              "path": "v1beta/{+name}"
-            },
-            "create": {
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "POST",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "parent": {
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ]
-            }
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "unrestrictedServices": {
+          "description": "GCP services that are not subject to the Service Perimeter\nrestrictions. Deprecated. Must be set to a single wildcard \"*\".\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. Must\ncontain a list of services. For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    },
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "combiningFunction": {
+          "enum": [
+            "AND",
+            "OR"
+          ],
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ]
+        },
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
           }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         }
-      }
-    }
-  },
-  "parameters": {
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "type": "string",
-      "location": "query"
-    },
-    "fields": {
-      "location": "query",
-      "description": "Selector specifying which fields to include in a partial response.",
-      "type": "string"
-    },
-    "callback": {
-      "location": "query",
-      "description": "JSONP",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "type": "string",
-      "location": "query"
-    },
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "type": "string",
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "enum": [
-        "1",
-        "2"
-      ]
-    },
-    "alt": {
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "type": "string",
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "description": "Data format for response.",
-      "default": "json"
+      },
+      "id": "ListServicePerimetersResponse"
     },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "type": "string",
-      "location": "query"
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
     },
-    "access_token": {
-      "description": "OAuth access token.",
-      "type": "string",
-      "location": "query"
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedEncryptionStatuses": {
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ],
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          }
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        },
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        }
+      },
+      "id": "DevicePolicy"
     },
-    "upload_protocol": {
-      "location": "query",
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "type": "string"
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "$ref": "BasicLevel",
+          "description": "A `BasicLevel` composed of `Conditions`."
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
     },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "type": "string",
-      "location": "query"
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        },
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
     },
-    "prettyPrint": {
-      "location": "query",
-      "description": "Returns response with indentations and line breaks.",
-      "type": "boolean",
-      "default": "true"
+    "Operation": {
+      "properties": {
+        "response": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object"
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        },
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object"
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        }
+      },
+      "id": "Operation",
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object"
     }
   },
-  "version": "v1beta",
-  "baseUrl": "https://accesscontextmanager.googleapis.com/",
-  "servicePath": "",
-  "kind": "discovery#restDescription",
-  "description": "An API for setting attribute based access control to requests to GCP services.",
-  "basePath": ""
+  "protocol": "rest",
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  }
 }
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
new file mode 100644
index 00000000000..aacc4e4468f
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManager.java
@@ -0,0 +1,3351 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Service definition for AccessContextManager (v1).
+ *
+ * <p>
+ * An API for setting attribute based access control to requests to GCP services.
+ * </p>
+ *
+ * <p>
+ * For more information about this service, see the
+ * <a href="https://cloud.google.com/access-context-manager/docs/reference/rest/" target="_blank">API Documentation</a>
+ * </p>
+ *
+ * <p>
+ * This service uses {@link AccessContextManagerRequestInitializer} to initialize global parameters via its
+ * {@link Builder}.
+ * </p>
+ *
+ * @since 1.3
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public class AccessContextManager extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient {
+
+  // Note: Leave this static initializer at the top of the file.
+  static {
+    com.google.api.client.util.Preconditions.checkState(
+        com.google.api.client.googleapis.GoogleUtils.MAJOR_VERSION == 1 &&
+        com.google.api.client.googleapis.GoogleUtils.MINOR_VERSION >= 15,
+        "You are currently running with version %s of google-api-client. " +
+        "You need at least version 1.15 of google-api-client to run version " +
+        "1.28.0 of the Access Context Manager API library.", com.google.api.client.googleapis.GoogleUtils.VERSION);
+  }
+
+  /**
+   * The default encoded root URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_ROOT_URL = "https://accesscontextmanager.googleapis.com/";
+
+  /**
+   * The default encoded service path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.7
+   */
+  public static final String DEFAULT_SERVICE_PATH = "";
+
+  /**
+   * The default encoded batch path of the service. This is determined when the library is
+   * generated and normally should not be changed.
+   *
+   * @since 1.23
+   */
+  public static final String DEFAULT_BATCH_PATH = "batch";
+
+  /**
+   * The default encoded base URL of the service. This is determined when the library is generated
+   * and normally should not be changed.
+   */
+  public static final String DEFAULT_BASE_URL = DEFAULT_ROOT_URL + DEFAULT_SERVICE_PATH;
+
+  /**
+   * Constructor.
+   *
+   * <p>
+   * Use {@link Builder} if you need to specify any of the optional parameters.
+   * </p>
+   *
+   * @param transport HTTP transport, which should normally be:
+   *        <ul>
+   *        <li>Google App Engine:
+   *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+   *        <li>Android: {@code newCompatibleTransport} from
+   *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+   *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+   *        </li>
+   *        </ul>
+   * @param jsonFactory JSON factory, which may be:
+   *        <ul>
+   *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+   *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+   *        <li>Android Honeycomb or higher:
+   *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+   *        </ul>
+   * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+   * @since 1.7
+   */
+  public AccessContextManager(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+      com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+    this(new Builder(transport, jsonFactory, httpRequestInitializer));
+  }
+
+  /**
+   * @param builder builder
+   */
+  AccessContextManager(Builder builder) {
+    super(builder);
+  }
+
+  @Override
+  protected void initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest<?> httpClientRequest) throws java.io.IOException {
+    super.initialize(httpClientRequest);
+  }
+
+  /**
+   * An accessor for creating requests from the AccessPolicies collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.AccessPolicies.List request = accesscontextmanager.accessPolicies().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public AccessPolicies accessPolicies() {
+    return new AccessPolicies();
+  }
+
+  /**
+   * The "accessPolicies" collection of methods.
+   */
+  public class AccessPolicies {
+
+    /**
+     * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+     * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+     * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+     * BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.create".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+     *
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Create create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Create result = new Create(content);
+      initialize(result);
+      return result;
+    }
+
+    public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The
+       * longrunning Operation will have a successful status once the `AccessPolicy` has propagated to
+       * long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a
+       * BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.create".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Create(com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+      }
+
+      @Override
+      public Create set$Xgafv(java.lang.String $Xgafv) {
+        return (Create) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Create setAccessToken(java.lang.String accessToken) {
+        return (Create) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Create setAlt(java.lang.String alt) {
+        return (Create) super.setAlt(alt);
+      }
+
+      @Override
+      public Create setCallback(java.lang.String callback) {
+        return (Create) super.setCallback(callback);
+      }
+
+      @Override
+      public Create setFields(java.lang.String fields) {
+        return (Create) super.setFields(fields);
+      }
+
+      @Override
+      public Create setKey(java.lang.String key) {
+        return (Create) super.setKey(key);
+      }
+
+      @Override
+      public Create setOauthToken(java.lang.String oauthToken) {
+        return (Create) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Create) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Create setQuotaUser(java.lang.String quotaUser) {
+        return (Create) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Create setUploadType(java.lang.String uploadType) {
+        return (Create) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Create setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Create) super.setUploadProtocol(uploadProtocol);
+      }
+
+      @Override
+      public Create set(String parameterName, Object value) {
+        return (Create) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful status
+     * once the AccessPolicy has been removed from long-lasting storage.
+     *
+     * Create a request for the method "accessPolicies.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Delete an AccessPolicy by resource name. The longrunning Operation will have a successful
+       * status once the AccessPolicy has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessPolicies.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to delete.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to delete.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to delete.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Get an AccessPolicy by name.
+     *
+     * Create a request for the method "accessPolicies.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessPolicy> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Get an AccessPolicy by name.
+       *
+       * Create a request for the method "accessPolicies.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Required. Resource name for the access policy to get.
+    Format `accessPolicies/{policy_id}`
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Required. Resource name for the access policy to get.
+
+     Format `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Required. Resource name for the access policy to get.
+       *
+       * Format `accessPolicies/{policy_id}`
+       */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * List all AccessPolicies under a container.
+     *
+     * Create a request for the method "accessPolicies.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @return the request
+     */
+    public List list() throws java.io.IOException {
+      List result = new List();
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse> {
+
+      private static final String REST_PATH = "v1/accessPolicies";
+
+      /**
+       * List all AccessPolicies under a container.
+       *
+       * Create a request for the method "accessPolicies.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @since 1.13
+       */
+      protected List() {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessPoliciesResponse.class);
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** Number of AccessPolicy instances to include in the list. Default 100.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** Number of AccessPolicy instances to include in the list. Default 100. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+     results.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /**
+       * Next page token for the next batch of AccessPolicy instances. Defaults to the first page of
+       * results.
+       */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String parent;
+
+      /** Required. Resource name for the container to list AccessPolicy instances from.
+
+     Format: `organizations/{org_id}`
+       */
+      public java.lang.String getParent() {
+        return parent;
+      }
+
+      /**
+       * Required. Resource name for the container to list AccessPolicy instances from.
+       *
+       * Format: `organizations/{org_id}`
+       */
+      public List setParent(java.lang.String parent) {
+        this.parent = parent;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+     * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and basic
+     * semantic errors will be returned in `metadata` as a BadRequest proto.
+     *
+     * Create a request for the method "accessPolicies.patch".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+     *
+     * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+     * @return the request
+     */
+    public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) throws java.io.IOException {
+      Patch result = new Patch(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+      /**
+       * Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status
+       * once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and
+       * basic semantic errors will be returned in `metadata` as a BadRequest proto.
+       *
+       * Create a request for the method "accessPolicies.patch".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name Output only. Resource name of the `AccessPolicy`. Format:
+    `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessPolicy}
+       * @since 1.13
+       */
+      protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessPolicy content) {
+        super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+      }
+
+      @Override
+      public Patch set$Xgafv(java.lang.String $Xgafv) {
+        return (Patch) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Patch setAccessToken(java.lang.String accessToken) {
+        return (Patch) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Patch setAlt(java.lang.String alt) {
+        return (Patch) super.setAlt(alt);
+      }
+
+      @Override
+      public Patch setCallback(java.lang.String callback) {
+        return (Patch) super.setCallback(callback);
+      }
+
+      @Override
+      public Patch setFields(java.lang.String fields) {
+        return (Patch) super.setFields(fields);
+      }
+
+      @Override
+      public Patch setKey(java.lang.String key) {
+        return (Patch) super.setKey(key);
+      }
+
+      @Override
+      public Patch setOauthToken(java.lang.String oauthToken) {
+        return (Patch) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Patch) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Patch setQuotaUser(java.lang.String quotaUser) {
+        return (Patch) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Patch setUploadType(java.lang.String uploadType) {
+        return (Patch) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Patch) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /**
+       * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+       */
+      public Patch setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^accessPolicies/[^/]+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      @com.google.api.client.util.Key
+      private String updateMask;
+
+      /** Required. Mask to control which fields get updated. Must be non-empty.
+       */
+      public String getUpdateMask() {
+        return updateMask;
+      }
+
+      /** Required. Mask to control which fields get updated. Must be non-empty. */
+      public Patch setUpdateMask(String updateMask) {
+        this.updateMask = updateMask;
+        return this;
+      }
+
+      @Override
+      public Patch set(String parameterName, Object value) {
+        return (Patch) super.set(parameterName, value);
+      }
+    }
+
+    /**
+     * An accessor for creating requests from the AccessLevels collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.AccessLevels.List request = accesscontextmanager.accessLevels().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public AccessLevels accessLevels() {
+      return new AccessLevels();
+    }
+
+    /**
+     * The "accessLevels" collection of methods.
+     */
+    public class AccessLevels {
+
+      /**
+       * Create an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+       * will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the Access Level has propagated to long-lasting storage. Access Levels containing errors
+         * will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Access
+      Level.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Access Level.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Access Level has been removed from long-lasting storage.
+       *
+       * Create a request for the method "accessLevels.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Delete an Access Level by resource name. The longrunning operation from this RPC will have a
+         * successful status once the Access Level has been removed from long-lasting storage.
+         *
+         * Create a request for the method "accessLevels.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Access Level by resource name.
+       *
+       * Create a request for the method "accessLevels.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.AccessLevel> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Get an Access Level by resource name.
+         *
+         * Create a request for the method "accessLevels.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level.
+      Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.AccessLevel.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level.
+
+       Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level.
+         *
+         * Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+       `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels` or
+       `CustomLevels` based on how they were created. If set to CEL, all Access Levels are returned as
+       `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent `CustomLevels`.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as
+         * `BasicLevels`. Defaults to AS_DEFINED, where Access Levels are returned as `BasicLevels`
+         * or `CustomLevels` based on how they were created. If set to CEL, all Access Levels are
+         * returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+         * `CustomLevels`.
+         */
+        public Get setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Access Levels for an access policy.
+       *
+       * Create a request for the method "accessLevels.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/accessLevels";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Access Levels for an access policy.
+         *
+         * Create a request for the method "accessLevels.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Access Levels from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListAccessLevelsResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Access Levels from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Access Levels from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String accessLevelFormat;
+
+        /** Whether to return `BasicLevels` in the Cloud Common Expression language, as `CustomLevels`, rather
+       than as `BasicLevels`. Defaults to returning `AccessLevels` in the format they were defined.
+         */
+        public java.lang.String getAccessLevelFormat() {
+          return accessLevelFormat;
+        }
+
+        /**
+         * Whether to return `BasicLevels` in the Cloud Common Expression language, as
+         * `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the
+         * format they were defined.
+         */
+        public List setAccessLevelFormat(java.lang.String accessLevelFormat) {
+          this.accessLevelFormat = accessLevelFormat;
+          return this;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Access Levels to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Access Levels to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Access Level instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Access Level instances. Defaults to the first page
+         * of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Access Level. The longrunning operation from this RPC will have a successful status
+       * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "accessLevels.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/accessLevels/[^/]+$");
+
+        /**
+         * Update an Access Level. The longrunning operation from this RPC will have a successful status
+         * once the changes to the Access Level have propagated to long-lasting storage. Access Levels
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "accessLevels.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Access Level. The `short_name` component
+      must begin with a letter
+       *        and only include alphanumeric and '_'. Format:
+       *        `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.AccessLevel}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.AccessLevel content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Access Level. The `short_name` component must begin with a letter
+       and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Access Level. The `short_name` component must begin with
+         * a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/accessLevels/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required.  Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+    /**
+     * An accessor for creating requests from the ServicePerimeters collection.
+     *
+     * <p>The typical use is:</p>
+     * <pre>
+     *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+     *   {@code AccessContextManager.ServicePerimeters.List request = accesscontextmanager.servicePerimeters().list(parameters ...)}
+     * </pre>
+     *
+     * @return the resource collection
+     */
+    public ServicePerimeters servicePerimeters() {
+      return new ServicePerimeters();
+    }
+
+    /**
+     * The "servicePerimeters" collection of methods.
+     */
+    public class ServicePerimeters {
+
+      /**
+       * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+       * containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.create".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Create#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Create create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Create result = new Create(parent, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Create extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * Create an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters
+         * containing errors will result in an error response for the first error encountered.
+         *
+         * Create a request for the method "servicePerimeters.create".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Create#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Create#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy which owns this Service
+      Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Create(java.lang.String parent, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public Create set$Xgafv(java.lang.String $Xgafv) {
+          return (Create) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Create setAccessToken(java.lang.String accessToken) {
+          return (Create) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Create setAlt(java.lang.String alt) {
+          return (Create) super.setAlt(alt);
+        }
+
+        @Override
+        public Create setCallback(java.lang.String callback) {
+          return (Create) super.setCallback(callback);
+        }
+
+        @Override
+        public Create setFields(java.lang.String fields) {
+          return (Create) super.setFields(fields);
+        }
+
+        @Override
+        public Create setKey(java.lang.String key) {
+          return (Create) super.setKey(key);
+        }
+
+        @Override
+        public Create setOauthToken(java.lang.String oauthToken) {
+          return (Create) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Create setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Create) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Create setQuotaUser(java.lang.String quotaUser) {
+          return (Create) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Create setUploadType(java.lang.String uploadType) {
+          return (Create) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Create setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Create) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy which owns this Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy which owns this Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public Create setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        @Override
+        public Create set(String parameterName, Object value) {
+          return (Create) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have a
+       * successful status once the Service Perimeter has been removed from long-lasting storage.
+       *
+       * Create a request for the method "servicePerimeters.delete".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+       * @return the request
+       */
+      public Delete delete(java.lang.String name) throws java.io.IOException {
+        Delete result = new Delete(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Delete an Service Perimeter by resource name. The longrunning operation from this RPC will have
+         * a successful status once the Service Perimeter has been removed from long-lasting storage.
+         *
+         * Create a request for the method "servicePerimeters.delete".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         * @since 1.13
+         */
+        protected Delete(java.lang.String name) {
+          super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Delete set$Xgafv(java.lang.String $Xgafv) {
+          return (Delete) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Delete setAccessToken(java.lang.String accessToken) {
+          return (Delete) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Delete setAlt(java.lang.String alt) {
+          return (Delete) super.setAlt(alt);
+        }
+
+        @Override
+        public Delete setCallback(java.lang.String callback) {
+          return (Delete) super.setCallback(callback);
+        }
+
+        @Override
+        public Delete setFields(java.lang.String fields) {
+          return (Delete) super.setFields(fields);
+        }
+
+        @Override
+        public Delete setKey(java.lang.String key) {
+          return (Delete) super.setKey(key);
+        }
+
+        @Override
+        public Delete setOauthToken(java.lang.String oauthToken) {
+          return (Delete) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Delete) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Delete setQuotaUser(java.lang.String quotaUser) {
+          return (Delete) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Delete setUploadType(java.lang.String uploadType) {
+          return (Delete) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Delete) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+         */
+        public Delete setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Delete set(String parameterName, Object value) {
+          return (Delete) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Get an Service Perimeter by resource name.
+       *
+       * Create a request for the method "servicePerimeters.get".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+       * @return the request
+       */
+      public Get get(java.lang.String name) throws java.io.IOException {
+        Get result = new Get(name);
+        initialize(result);
+        return result;
+      }
+
+      public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Get an Service Perimeter by resource name.
+         *
+         * Create a request for the method "servicePerimeters.get".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the Service Perimeter.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         * @since 1.13
+         */
+        protected Get(java.lang.String name) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public Get set$Xgafv(java.lang.String $Xgafv) {
+          return (Get) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Get setAccessToken(java.lang.String accessToken) {
+          return (Get) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Get setAlt(java.lang.String alt) {
+          return (Get) super.setAlt(alt);
+        }
+
+        @Override
+        public Get setCallback(java.lang.String callback) {
+          return (Get) super.setCallback(callback);
+        }
+
+        @Override
+        public Get setFields(java.lang.String fields) {
+          return (Get) super.setFields(fields);
+        }
+
+        @Override
+        public Get setKey(java.lang.String key) {
+          return (Get) super.setKey(key);
+        }
+
+        @Override
+        public Get setOauthToken(java.lang.String oauthToken) {
+          return (Get) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Get) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Get setQuotaUser(java.lang.String quotaUser) {
+          return (Get) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Get setUploadType(java.lang.String uploadType) {
+          return (Get) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Get setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Get) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the Service Perimeter.
+
+       Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the Service Perimeter.
+         *
+         * Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+         */
+        public Get setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        @Override
+        public Get set(String parameterName, Object value) {
+          return (Get) super.set(parameterName, value);
+        }
+      }
+      /**
+       * List all Service Perimeters for an access policy.
+       *
+       * Create a request for the method "servicePerimeters.list".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       *
+       * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+       * @return the request
+       */
+      public List list(java.lang.String parent) throws java.io.IOException {
+        List result = new List(parent);
+        initialize(result);
+        return result;
+      }
+
+      public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse> {
+
+        private static final String REST_PATH = "v1/{+parent}/servicePerimeters";
+
+        private final java.util.regex.Pattern PARENT_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+$");
+
+        /**
+         * List all Service Perimeters for an access policy.
+         *
+         * Create a request for the method "servicePerimeters.list".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+         * <p> {@link
+         * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+         * called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param parent Required. Resource name for the access policy to list Service Perimeters from.
+      Format:
+       *        `accessPolicies/{policy_id}`
+         * @since 1.13
+         */
+        protected List(java.lang.String parent) {
+          super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListServicePerimetersResponse.class);
+          this.parent = com.google.api.client.util.Preconditions.checkNotNull(parent, "Required parameter parent must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+        }
+
+        @Override
+        public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+          return super.executeUsingHead();
+        }
+
+        @Override
+        public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+          return super.buildHttpRequestUsingHead();
+        }
+
+        @Override
+        public List set$Xgafv(java.lang.String $Xgafv) {
+          return (List) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public List setAccessToken(java.lang.String accessToken) {
+          return (List) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public List setAlt(java.lang.String alt) {
+          return (List) super.setAlt(alt);
+        }
+
+        @Override
+        public List setCallback(java.lang.String callback) {
+          return (List) super.setCallback(callback);
+        }
+
+        @Override
+        public List setFields(java.lang.String fields) {
+          return (List) super.setFields(fields);
+        }
+
+        @Override
+        public List setKey(java.lang.String key) {
+          return (List) super.setKey(key);
+        }
+
+        @Override
+        public List setOauthToken(java.lang.String oauthToken) {
+          return (List) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (List) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public List setQuotaUser(java.lang.String quotaUser) {
+          return (List) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public List setUploadType(java.lang.String uploadType) {
+          return (List) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public List setUploadProtocol(java.lang.String uploadProtocol) {
+          return (List) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String parent;
+
+        /** Required. Resource name for the access policy to list Service Perimeters from.
+
+       Format: `accessPolicies/{policy_id}`
+         */
+        public java.lang.String getParent() {
+          return parent;
+        }
+
+        /**
+         * Required. Resource name for the access policy to list Service Perimeters from.
+         *
+         * Format: `accessPolicies/{policy_id}`
+         */
+        public List setParent(java.lang.String parent) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(PARENT_PATTERN.matcher(parent).matches(),
+                "Parameter parent must conform to the pattern " +
+                "^accessPolicies/[^/]+$");
+          }
+          this.parent = parent;
+          return this;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.Integer pageSize;
+
+        /** Number of Service Perimeters to include in the list. Default 100.
+         */
+        public java.lang.Integer getPageSize() {
+          return pageSize;
+        }
+
+        /**
+         * Number of Service Perimeters to include in the list. Default 100.
+         */
+        public List setPageSize(java.lang.Integer pageSize) {
+          this.pageSize = pageSize;
+          return this;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String pageToken;
+
+        /** Next page token for the next batch of Service Perimeter instances. Defaults to the first page of
+       results.
+         */
+        public java.lang.String getPageToken() {
+          return pageToken;
+        }
+
+        /**
+         * Next page token for the next batch of Service Perimeter instances. Defaults to the first
+         * page of results.
+         */
+        public List setPageToken(java.lang.String pageToken) {
+          this.pageToken = pageToken;
+          return this;
+        }
+
+        @Override
+        public List set(String parameterName, Object value) {
+          return (List) super.set(parameterName, value);
+        }
+      }
+      /**
+       * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+       * status once the changes to the Service Perimeter have propagated to long-lasting storage. Service
+       * Perimeter containing errors will result in an error response for the first error encountered.
+       *
+       * Create a request for the method "servicePerimeters.patch".
+       *
+       * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+       * optional parameters, call the {@link Patch#execute()} method to invoke the remote operation.
+       *
+       * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+       * @return the request
+       */
+      public Patch patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) throws java.io.IOException {
+        Patch result = new Patch(name, content);
+        initialize(result);
+        return result;
+      }
+
+      public class Patch extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+        private static final String REST_PATH = "v1/{+name}";
+
+        private final java.util.regex.Pattern NAME_PATTERN =
+            java.util.regex.Pattern.compile("^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+
+        /**
+         * Update an Service Perimeter. The longrunning operation from this RPC will have a successful
+         * status once the changes to the Service Perimeter have propagated to long-lasting storage.
+         * Service Perimeter containing errors will result in an error response for the first error
+         * encountered.
+         *
+         * Create a request for the method "servicePerimeters.patch".
+         *
+         * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+         * any optional parameters, call the {@link Patch#execute()} method to invoke the remote
+         * operation. <p> {@link
+         * Patch#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+         * be called to initialize this instance immediately after invoking the constructor. </p>
+         *
+         * @param name Required. Resource name for the ServicePerimeter.  The `short_name`
+      component must begin with a
+       *        letter and only include alphanumeric and '_'.
+      Format:
+       *        `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter}
+         * @since 1.13
+         */
+        protected Patch(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.ServicePerimeter content) {
+          super(AccessContextManager.this, "PATCH", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+          this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+        }
+
+        @Override
+        public Patch set$Xgafv(java.lang.String $Xgafv) {
+          return (Patch) super.set$Xgafv($Xgafv);
+        }
+
+        @Override
+        public Patch setAccessToken(java.lang.String accessToken) {
+          return (Patch) super.setAccessToken(accessToken);
+        }
+
+        @Override
+        public Patch setAlt(java.lang.String alt) {
+          return (Patch) super.setAlt(alt);
+        }
+
+        @Override
+        public Patch setCallback(java.lang.String callback) {
+          return (Patch) super.setCallback(callback);
+        }
+
+        @Override
+        public Patch setFields(java.lang.String fields) {
+          return (Patch) super.setFields(fields);
+        }
+
+        @Override
+        public Patch setKey(java.lang.String key) {
+          return (Patch) super.setKey(key);
+        }
+
+        @Override
+        public Patch setOauthToken(java.lang.String oauthToken) {
+          return (Patch) super.setOauthToken(oauthToken);
+        }
+
+        @Override
+        public Patch setPrettyPrint(java.lang.Boolean prettyPrint) {
+          return (Patch) super.setPrettyPrint(prettyPrint);
+        }
+
+        @Override
+        public Patch setQuotaUser(java.lang.String quotaUser) {
+          return (Patch) super.setQuotaUser(quotaUser);
+        }
+
+        @Override
+        public Patch setUploadType(java.lang.String uploadType) {
+          return (Patch) super.setUploadType(uploadType);
+        }
+
+        @Override
+        public Patch setUploadProtocol(java.lang.String uploadProtocol) {
+          return (Patch) super.setUploadProtocol(uploadProtocol);
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        @com.google.api.client.util.Key
+        private java.lang.String name;
+
+        /** Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+       letter and only include alphanumeric and '_'. Format:
+       `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public java.lang.String getName() {
+          return name;
+        }
+
+        /**
+         * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin
+         * with a letter and only include alphanumeric and '_'. Format:
+         * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+         */
+        public Patch setName(java.lang.String name) {
+          if (!getSuppressPatternChecks()) {
+            com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+                "Parameter name must conform to the pattern " +
+                "^accessPolicies/[^/]+/servicePerimeters/[^/]+$");
+          }
+          this.name = name;
+          return this;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        @com.google.api.client.util.Key
+        private String updateMask;
+
+        /** Required. Mask to control which fields get updated. Must be non-empty.
+         */
+        public String getUpdateMask() {
+          return updateMask;
+        }
+
+        /** Required. Mask to control which fields get updated. Must be non-empty. */
+        public Patch setUpdateMask(String updateMask) {
+          this.updateMask = updateMask;
+          return this;
+        }
+
+        @Override
+        public Patch set(String parameterName, Object value) {
+          return (Patch) super.set(parameterName, value);
+        }
+      }
+
+    }
+  }
+
+  /**
+   * An accessor for creating requests from the Operations collection.
+   *
+   * <p>The typical use is:</p>
+   * <pre>
+   *   {@code AccessContextManager accesscontextmanager = new AccessContextManager(...);}
+   *   {@code AccessContextManager.Operations.List request = accesscontextmanager.operations().list(parameters ...)}
+   * </pre>
+   *
+   * @return the resource collection
+   */
+  public Operations operations() {
+    return new Operations();
+  }
+
+  /**
+   * The "operations" collection of methods.
+   */
+  public class Operations {
+
+    /**
+     * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort to
+     * cancel the operation, but success is not guaranteed.  If the server doesn't support this method,
+     * it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or other
+     * methods to check whether the cancellation succeeded or whether the operation completed despite
+     * cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an
+     * operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to
+     * `Code.CANCELLED`.
+     *
+     * Create a request for the method "operations.cancel".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Cancel#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be cancelled.
+     * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+     * @return the request
+     */
+    public Cancel cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) throws java.io.IOException {
+      Cancel result = new Cancel(name, content);
+      initialize(result);
+      return result;
+    }
+
+    public class Cancel extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}:cancel";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Starts asynchronous cancellation on a long-running operation.  The server makes a best effort
+       * to cancel the operation, but success is not guaranteed.  If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.  Clients can use Operations.GetOperation or
+       * other methods to check whether the cancellation succeeded or whether the operation completed
+       * despite cancellation. On successful cancellation, the operation is not deleted; instead, it
+       * becomes an operation with an Operation.error value with a google.rpc.Status.code of 1,
+       * corresponding to `Code.CANCELLED`.
+       *
+       * Create a request for the method "operations.cancel".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Cancel#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Cancel#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be cancelled.
+       * @param content the {@link com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest}
+       * @since 1.13
+       */
+      protected Cancel(java.lang.String name, com.google.api.services.accesscontextmanager.v1.model.CancelOperationRequest content) {
+        super(AccessContextManager.this, "POST", REST_PATH, content, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Cancel set$Xgafv(java.lang.String $Xgafv) {
+        return (Cancel) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Cancel setAccessToken(java.lang.String accessToken) {
+        return (Cancel) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Cancel setAlt(java.lang.String alt) {
+        return (Cancel) super.setAlt(alt);
+      }
+
+      @Override
+      public Cancel setCallback(java.lang.String callback) {
+        return (Cancel) super.setCallback(callback);
+      }
+
+      @Override
+      public Cancel setFields(java.lang.String fields) {
+        return (Cancel) super.setFields(fields);
+      }
+
+      @Override
+      public Cancel setKey(java.lang.String key) {
+        return (Cancel) super.setKey(key);
+      }
+
+      @Override
+      public Cancel setOauthToken(java.lang.String oauthToken) {
+        return (Cancel) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Cancel setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Cancel) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Cancel setQuotaUser(java.lang.String quotaUser) {
+        return (Cancel) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Cancel setUploadType(java.lang.String uploadType) {
+        return (Cancel) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Cancel setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Cancel) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be cancelled.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be cancelled. */
+      public Cancel setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Cancel set(String parameterName, Object value) {
+        return (Cancel) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Deletes a long-running operation. This method indicates that the client is no longer interested
+     * in the operation result. It does not cancel the operation. If the server doesn't support this
+     * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+     *
+     * Create a request for the method "operations.delete".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Delete#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource to be deleted.
+     * @return the request
+     */
+    public Delete delete(java.lang.String name) throws java.io.IOException {
+      Delete result = new Delete(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Delete extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Empty> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Deletes a long-running operation. This method indicates that the client is no longer interested
+       * in the operation result. It does not cancel the operation. If the server doesn't support this
+       * method, it returns `google.rpc.Code.UNIMPLEMENTED`.
+       *
+       * Create a request for the method "operations.delete".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Delete#execute()} method to invoke the remote
+       * operation. <p> {@link
+       * Delete#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must
+       * be called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource to be deleted.
+       * @since 1.13
+       */
+      protected Delete(java.lang.String name) {
+        super(AccessContextManager.this, "DELETE", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Empty.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public Delete set$Xgafv(java.lang.String $Xgafv) {
+        return (Delete) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Delete setAccessToken(java.lang.String accessToken) {
+        return (Delete) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Delete setAlt(java.lang.String alt) {
+        return (Delete) super.setAlt(alt);
+      }
+
+      @Override
+      public Delete setCallback(java.lang.String callback) {
+        return (Delete) super.setCallback(callback);
+      }
+
+      @Override
+      public Delete setFields(java.lang.String fields) {
+        return (Delete) super.setFields(fields);
+      }
+
+      @Override
+      public Delete setKey(java.lang.String key) {
+        return (Delete) super.setKey(key);
+      }
+
+      @Override
+      public Delete setOauthToken(java.lang.String oauthToken) {
+        return (Delete) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Delete setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Delete) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Delete setQuotaUser(java.lang.String quotaUser) {
+        return (Delete) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Delete setUploadType(java.lang.String uploadType) {
+        return (Delete) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Delete setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Delete) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource to be deleted. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource to be deleted.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource to be deleted. */
+      public Delete setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Delete set(String parameterName, Object value) {
+        return (Delete) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+     * operation result at intervals as recommended by the API service.
+     *
+     * Create a request for the method "operations.get".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation resource.
+     * @return the request
+     */
+    public Get get(java.lang.String name) throws java.io.IOException {
+      Get result = new Get(name);
+      initialize(result);
+      return result;
+    }
+
+    public class Get extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.Operation> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations/.+$");
+
+      /**
+       * Gets the latest state of a long-running operation.  Clients can use this method to poll the
+       * operation result at intervals as recommended by the API service.
+       *
+       * Create a request for the method "operations.get".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link Get#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * Get#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation resource.
+       * @since 1.13
+       */
+      protected Get(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.Operation.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public Get set$Xgafv(java.lang.String $Xgafv) {
+        return (Get) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public Get setAccessToken(java.lang.String accessToken) {
+        return (Get) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public Get setAlt(java.lang.String alt) {
+        return (Get) super.setAlt(alt);
+      }
+
+      @Override
+      public Get setCallback(java.lang.String callback) {
+        return (Get) super.setCallback(callback);
+      }
+
+      @Override
+      public Get setFields(java.lang.String fields) {
+        return (Get) super.setFields(fields);
+      }
+
+      @Override
+      public Get setKey(java.lang.String key) {
+        return (Get) super.setKey(key);
+      }
+
+      @Override
+      public Get setOauthToken(java.lang.String oauthToken) {
+        return (Get) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public Get setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (Get) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public Get setQuotaUser(java.lang.String quotaUser) {
+        return (Get) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public Get setUploadType(java.lang.String uploadType) {
+        return (Get) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public Get setUploadProtocol(java.lang.String uploadProtocol) {
+        return (Get) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation resource. */
+      public Get setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations/.+$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      @Override
+      public Get set(String parameterName, Object value) {
+        return (Get) super.set(parameterName, value);
+      }
+    }
+    /**
+     * Lists operations that match the specified filter in the request. If the server doesn't support
+     * this method, it returns `UNIMPLEMENTED`.
+     *
+     * NOTE: the `name` binding allows API services to override the binding to use different resource
+     * name schemes, such as `users/operations`. To override the binding, API services can add a binding
+     * such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+     * compatibility, the default name includes the operations collection id, however overriding users
+     * must ensure the name binding is the parent resource, without the operations collection id.
+     *
+     * Create a request for the method "operations.list".
+     *
+     * This request holds the parameters needed by the accesscontextmanager server.  After setting any
+     * optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+     *
+     * @param name The name of the operation's parent resource.
+     * @return the request
+     */
+    public List list(java.lang.String name) throws java.io.IOException {
+      List result = new List(name);
+      initialize(result);
+      return result;
+    }
+
+    public class List extends AccessContextManagerRequest<com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse> {
+
+      private static final String REST_PATH = "v1/{+name}";
+
+      private final java.util.regex.Pattern NAME_PATTERN =
+          java.util.regex.Pattern.compile("^operations$");
+
+      /**
+       * Lists operations that match the specified filter in the request. If the server doesn't support
+       * this method, it returns `UNIMPLEMENTED`.
+       *
+       * NOTE: the `name` binding allows API services to override the binding to use different resource
+       * name schemes, such as `users/operations`. To override the binding, API services can add a
+       * binding such as `"/v1/{name=users}/operations"` to their service configuration. For backwards
+       * compatibility, the default name includes the operations collection id, however overriding users
+       * must ensure the name binding is the parent resource, without the operations collection id.
+       *
+       * Create a request for the method "operations.list".
+       *
+       * This request holds the parameters needed by the the accesscontextmanager server.  After setting
+       * any optional parameters, call the {@link List#execute()} method to invoke the remote operation.
+       * <p> {@link
+       * List#initialize(com.google.api.client.googleapis.services.AbstractGoogleClientRequest)} must be
+       * called to initialize this instance immediately after invoking the constructor. </p>
+       *
+       * @param name The name of the operation's parent resource.
+       * @since 1.13
+       */
+      protected List(java.lang.String name) {
+        super(AccessContextManager.this, "GET", REST_PATH, null, com.google.api.services.accesscontextmanager.v1.model.ListOperationsResponse.class);
+        this.name = com.google.api.client.util.Preconditions.checkNotNull(name, "Required parameter name must be specified.");
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+      }
+
+      @Override
+      public com.google.api.client.http.HttpResponse executeUsingHead() throws java.io.IOException {
+        return super.executeUsingHead();
+      }
+
+      @Override
+      public com.google.api.client.http.HttpRequest buildHttpRequestUsingHead() throws java.io.IOException {
+        return super.buildHttpRequestUsingHead();
+      }
+
+      @Override
+      public List set$Xgafv(java.lang.String $Xgafv) {
+        return (List) super.set$Xgafv($Xgafv);
+      }
+
+      @Override
+      public List setAccessToken(java.lang.String accessToken) {
+        return (List) super.setAccessToken(accessToken);
+      }
+
+      @Override
+      public List setAlt(java.lang.String alt) {
+        return (List) super.setAlt(alt);
+      }
+
+      @Override
+      public List setCallback(java.lang.String callback) {
+        return (List) super.setCallback(callback);
+      }
+
+      @Override
+      public List setFields(java.lang.String fields) {
+        return (List) super.setFields(fields);
+      }
+
+      @Override
+      public List setKey(java.lang.String key) {
+        return (List) super.setKey(key);
+      }
+
+      @Override
+      public List setOauthToken(java.lang.String oauthToken) {
+        return (List) super.setOauthToken(oauthToken);
+      }
+
+      @Override
+      public List setPrettyPrint(java.lang.Boolean prettyPrint) {
+        return (List) super.setPrettyPrint(prettyPrint);
+      }
+
+      @Override
+      public List setQuotaUser(java.lang.String quotaUser) {
+        return (List) super.setQuotaUser(quotaUser);
+      }
+
+      @Override
+      public List setUploadType(java.lang.String uploadType) {
+        return (List) super.setUploadType(uploadType);
+      }
+
+      @Override
+      public List setUploadProtocol(java.lang.String uploadProtocol) {
+        return (List) super.setUploadProtocol(uploadProtocol);
+      }
+
+      /** The name of the operation's parent resource. */
+      @com.google.api.client.util.Key
+      private java.lang.String name;
+
+      /** The name of the operation's parent resource.
+       */
+      public java.lang.String getName() {
+        return name;
+      }
+
+      /** The name of the operation's parent resource. */
+      public List setName(java.lang.String name) {
+        if (!getSuppressPatternChecks()) {
+          com.google.api.client.util.Preconditions.checkArgument(NAME_PATTERN.matcher(name).matches(),
+              "Parameter name must conform to the pattern " +
+              "^operations$");
+        }
+        this.name = name;
+        return this;
+      }
+
+      /** The standard list filter. */
+      @com.google.api.client.util.Key
+      private java.lang.String filter;
+
+      /** The standard list filter.
+       */
+      public java.lang.String getFilter() {
+        return filter;
+      }
+
+      /** The standard list filter. */
+      public List setFilter(java.lang.String filter) {
+        this.filter = filter;
+        return this;
+      }
+
+      /** The standard list page size. */
+      @com.google.api.client.util.Key
+      private java.lang.Integer pageSize;
+
+      /** The standard list page size.
+       */
+      public java.lang.Integer getPageSize() {
+        return pageSize;
+      }
+
+      /** The standard list page size. */
+      public List setPageSize(java.lang.Integer pageSize) {
+        this.pageSize = pageSize;
+        return this;
+      }
+
+      /** The standard list page token. */
+      @com.google.api.client.util.Key
+      private java.lang.String pageToken;
+
+      /** The standard list page token.
+       */
+      public java.lang.String getPageToken() {
+        return pageToken;
+      }
+
+      /** The standard list page token. */
+      public List setPageToken(java.lang.String pageToken) {
+        this.pageToken = pageToken;
+        return this;
+      }
+
+      @Override
+      public List set(String parameterName, Object value) {
+        return (List) super.set(parameterName, value);
+      }
+    }
+
+  }
+
+  /**
+   * Builder for {@link AccessContextManager}.
+   *
+   * <p>
+   * Implementation is not thread-safe.
+   * </p>
+   *
+   * @since 1.3.0
+   */
+  public static final class Builder extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClient.Builder {
+
+    /**
+     * Returns an instance of a new builder.
+     *
+     * @param transport HTTP transport, which should normally be:
+     *        <ul>
+     *        <li>Google App Engine:
+     *        {@code com.google.api.client.extensions.appengine.http.UrlFetchTransport}</li>
+     *        <li>Android: {@code newCompatibleTransport} from
+     *        {@code com.google.api.client.extensions.android.http.AndroidHttp}</li>
+     *        <li>Java: {@link com.google.api.client.googleapis.javanet.GoogleNetHttpTransport#newTrustedTransport()}
+     *        </li>
+     *        </ul>
+     * @param jsonFactory JSON factory, which may be:
+     *        <ul>
+     *        <li>Jackson: {@code com.google.api.client.json.jackson2.JacksonFactory}</li>
+     *        <li>Google GSON: {@code com.google.api.client.json.gson.GsonFactory}</li>
+     *        <li>Android Honeycomb or higher:
+     *        {@code com.google.api.client.extensions.android.json.AndroidJsonFactory}</li>
+     *        </ul>
+     * @param httpRequestInitializer HTTP request initializer or {@code null} for none
+     * @since 1.7
+     */
+    public Builder(com.google.api.client.http.HttpTransport transport, com.google.api.client.json.JsonFactory jsonFactory,
+        com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      super(
+          transport,
+          jsonFactory,
+          DEFAULT_ROOT_URL,
+          DEFAULT_SERVICE_PATH,
+          httpRequestInitializer,
+          false);
+      setBatchPath(DEFAULT_BATCH_PATH);
+    }
+
+    /** Builds a new instance of {@link AccessContextManager}. */
+    @Override
+    public AccessContextManager build() {
+      return new AccessContextManager(this);
+    }
+
+    @Override
+    public Builder setRootUrl(String rootUrl) {
+      return (Builder) super.setRootUrl(rootUrl);
+    }
+
+    @Override
+    public Builder setServicePath(String servicePath) {
+      return (Builder) super.setServicePath(servicePath);
+    }
+
+    @Override
+    public Builder setBatchPath(String batchPath) {
+      return (Builder) super.setBatchPath(batchPath);
+    }
+
+    @Override
+    public Builder setHttpRequestInitializer(com.google.api.client.http.HttpRequestInitializer httpRequestInitializer) {
+      return (Builder) super.setHttpRequestInitializer(httpRequestInitializer);
+    }
+
+    @Override
+    public Builder setApplicationName(String applicationName) {
+      return (Builder) super.setApplicationName(applicationName);
+    }
+
+    @Override
+    public Builder setSuppressPatternChecks(boolean suppressPatternChecks) {
+      return (Builder) super.setSuppressPatternChecks(suppressPatternChecks);
+    }
+
+    @Override
+    public Builder setSuppressRequiredParameterChecks(boolean suppressRequiredParameterChecks) {
+      return (Builder) super.setSuppressRequiredParameterChecks(suppressRequiredParameterChecks);
+    }
+
+    @Override
+    public Builder setSuppressAllChecks(boolean suppressAllChecks) {
+      return (Builder) super.setSuppressAllChecks(suppressAllChecks);
+    }
+
+    /**
+     * Set the {@link AccessContextManagerRequestInitializer}.
+     *
+     * @since 1.12
+     */
+    public Builder setAccessContextManagerRequestInitializer(
+        AccessContextManagerRequestInitializer accesscontextmanagerRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(accesscontextmanagerRequestInitializer);
+    }
+
+    @Override
+    public Builder setGoogleClientRequestInitializer(
+        com.google.api.client.googleapis.services.GoogleClientRequestInitializer googleClientRequestInitializer) {
+      return (Builder) super.setGoogleClientRequestInitializer(googleClientRequestInitializer);
+    }
+  }
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
new file mode 100644
index 00000000000..bd9642ba468
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request.
+ *
+ * @since 1.3
+ */
+@SuppressWarnings("javadoc")
+public abstract class AccessContextManagerRequest<T> extends com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<T> {
+
+  /**
+   * @param client Google client
+   * @param method HTTP Method
+   * @param uriTemplate URI template for the path relative to the base URL. If it starts with a "/"
+   *        the base path from the base URL will be stripped out. The URI template can also be a
+   *        full URL. URI template expansion is done using
+   *        {@link com.google.api.client.http.UriTemplate#expand(String, String, Object, boolean)}
+   * @param content A POJO that can be serialized into JSON or {@code null} for none
+   * @param responseClass response class to parse into
+   */
+  public AccessContextManagerRequest(
+      AccessContextManager client, String method, String uriTemplate, Object content, Class<T> responseClass) {
+    super(
+        client,
+        method,
+        uriTemplate,
+        content,
+        responseClass);
+  }
+
+  /** V1 error format. */
+  @com.google.api.client.util.Key("$.xgafv")
+  private java.lang.String $Xgafv;
+
+  /**
+   * V1 error format.
+   */
+  public java.lang.String get$Xgafv() {
+    return $Xgafv;
+  }
+
+  /** V1 error format. */
+  public AccessContextManagerRequest<T> set$Xgafv(java.lang.String $Xgafv) {
+    this.$Xgafv = $Xgafv;
+    return this;
+  }
+
+  /** OAuth access token. */
+  @com.google.api.client.util.Key("access_token")
+  private java.lang.String accessToken;
+
+  /**
+   * OAuth access token.
+   */
+  public java.lang.String getAccessToken() {
+    return accessToken;
+  }
+
+  /** OAuth access token. */
+  public AccessContextManagerRequest<T> setAccessToken(java.lang.String accessToken) {
+    this.accessToken = accessToken;
+    return this;
+  }
+
+  /** Data format for response. */
+  @com.google.api.client.util.Key
+  private java.lang.String alt;
+
+  /**
+   * Data format for response. [default: json]
+   */
+  public java.lang.String getAlt() {
+    return alt;
+  }
+
+  /** Data format for response. */
+  public AccessContextManagerRequest<T> setAlt(java.lang.String alt) {
+    this.alt = alt;
+    return this;
+  }
+
+  /** JSONP */
+  @com.google.api.client.util.Key
+  private java.lang.String callback;
+
+  /**
+   * JSONP
+   */
+  public java.lang.String getCallback() {
+    return callback;
+  }
+
+  /** JSONP */
+  public AccessContextManagerRequest<T> setCallback(java.lang.String callback) {
+    this.callback = callback;
+    return this;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  @com.google.api.client.util.Key
+  private java.lang.String fields;
+
+  /**
+   * Selector specifying which fields to include in a partial response.
+   */
+  public java.lang.String getFields() {
+    return fields;
+  }
+
+  /** Selector specifying which fields to include in a partial response. */
+  public AccessContextManagerRequest<T> setFields(java.lang.String fields) {
+    this.fields = fields;
+    return this;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String key;
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public java.lang.String getKey() {
+    return key;
+  }
+
+  /**
+   * API key. Your API key identifies your project and provides you with API access, quota, and
+   * reports. Required unless you provide an OAuth 2.0 token.
+   */
+  public AccessContextManagerRequest<T> setKey(java.lang.String key) {
+    this.key = key;
+    return this;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  @com.google.api.client.util.Key("oauth_token")
+  private java.lang.String oauthToken;
+
+  /**
+   * OAuth 2.0 token for the current user.
+   */
+  public java.lang.String getOauthToken() {
+    return oauthToken;
+  }
+
+  /** OAuth 2.0 token for the current user. */
+  public AccessContextManagerRequest<T> setOauthToken(java.lang.String oauthToken) {
+    this.oauthToken = oauthToken;
+    return this;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean prettyPrint;
+
+  /**
+   * Returns response with indentations and line breaks. [default: true]
+   */
+  public java.lang.Boolean getPrettyPrint() {
+    return prettyPrint;
+  }
+
+  /** Returns response with indentations and line breaks. */
+  public AccessContextManagerRequest<T> setPrettyPrint(java.lang.Boolean prettyPrint) {
+    this.prettyPrint = prettyPrint;
+    return this;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String quotaUser;
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public java.lang.String getQuotaUser() {
+    return quotaUser;
+  }
+
+  /**
+   * Available to use for quota purposes for server-side applications. Can be any arbitrary string
+   * assigned to a user, but should not exceed 40 characters.
+   */
+  public AccessContextManagerRequest<T> setQuotaUser(java.lang.String quotaUser) {
+    this.quotaUser = quotaUser;
+    return this;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  @com.google.api.client.util.Key
+  private java.lang.String uploadType;
+
+  /**
+   * Legacy upload protocol for media (e.g. "media", "multipart").
+   */
+  public java.lang.String getUploadType() {
+    return uploadType;
+  }
+
+  /** Legacy upload protocol for media (e.g. "media", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadType(java.lang.String uploadType) {
+    this.uploadType = uploadType;
+    return this;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  @com.google.api.client.util.Key("upload_protocol")
+  private java.lang.String uploadProtocol;
+
+  /**
+   * Upload protocol for media (e.g. "raw", "multipart").
+   */
+  public java.lang.String getUploadProtocol() {
+    return uploadProtocol;
+  }
+
+  /** Upload protocol for media (e.g. "raw", "multipart"). */
+  public AccessContextManagerRequest<T> setUploadProtocol(java.lang.String uploadProtocol) {
+    this.uploadProtocol = uploadProtocol;
+    return this;
+  }
+
+  @Override
+  public final AccessContextManager getAbstractGoogleClient() {
+    return (AccessContextManager) super.getAbstractGoogleClient();
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setDisableGZipContent(boolean disableGZipContent) {
+    return (AccessContextManagerRequest<T>) super.setDisableGZipContent(disableGZipContent);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> setRequestHeaders(com.google.api.client.http.HttpHeaders headers) {
+    return (AccessContextManagerRequest<T>) super.setRequestHeaders(headers);
+  }
+
+  @Override
+  public AccessContextManagerRequest<T> set(String parameterName, Object value) {
+    return (AccessContextManagerRequest<T>) super.set(parameterName, value);
+  }
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
new file mode 100644
index 00000000000..72585d9e6e6
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerRequestInitializer.java
@@ -0,0 +1,119 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * AccessContextManager request initializer for setting properties like key and userIp.
+ *
+ * <p>
+ * The simplest usage is to use it to set the key parameter:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer KEY_INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY);
+ * </pre>
+ *
+ * <p>
+ * There is also a constructor to set both the key and userIp parameters:
+ * </p>
+ *
+ * <pre>
+  public static final GoogleClientRequestInitializer INITIALIZER =
+      new AccessContextManagerRequestInitializer(KEY, USER_IP);
+ * </pre>
+ *
+ * <p>
+ * If you want to implement custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer extends AccessContextManagerRequestInitializer {
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Finally, to set the key and userIp parameters and insert custom logic, extend it like this:
+ * </p>
+ *
+ * <pre>
+  public static class MyRequestInitializer2 extends AccessContextManagerRequestInitializer {
+
+    public MyKeyRequestInitializer() {
+      super(KEY, USER_IP);
+    }
+
+    {@literal @}Override
+    public void initializeAccessContextManagerRequest(AccessContextManagerRequest{@literal <}?{@literal >} request)
+        throws IOException {
+      // custom logic
+    }
+  }
+ * </pre>
+ *
+ * <p>
+ * Subclasses should be thread-safe.
+ * </p>
+ *
+ * @since 1.12
+ */
+public class AccessContextManagerRequestInitializer extends com.google.api.client.googleapis.services.json.CommonGoogleJsonClientRequestInitializer {
+
+  public AccessContextManagerRequestInitializer() {
+    super();
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key) {
+    super(key);
+  }
+
+  /**
+   * @param key API key or {@code null} to leave it unchanged
+   * @param userIp user IP or {@code null} to leave it unchanged
+   */
+  public AccessContextManagerRequestInitializer(String key, String userIp) {
+    super(key, userIp);
+  }
+
+  @Override
+  public final void initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest<?> request) throws java.io.IOException {
+    super.initializeJsonRequest(request);
+    initializeAccessContextManagerRequest((AccessContextManagerRequest<?>) request);
+  }
+
+  /**
+   * Initializes AccessContextManager request.
+   *
+   * <p>
+   * Default implementation does nothing. Called from
+   * {@link #initializeJsonRequest(com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest)}.
+   * </p>
+   *
+   * @throws java.io.IOException I/O exception
+   */
+  protected void initializeAccessContextManagerRequest(AccessContextManagerRequest<?> request) throws java.io.IOException {
+  }
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
new file mode 100644
index 00000000000..a24cc91248f
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/AccessContextManagerScopes.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1;
+
+/**
+ * Available OAuth 2.0 scopes for use with the Access Context Manager API.
+ *
+ * @since 1.4
+ */
+public class AccessContextManagerScopes {
+
+  /** View and manage your data across Google Cloud Platform services. */
+  public static final String CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform";
+
+  /**
+   * Returns an unmodifiable set that contains all scopes declared by this class.
+   *
+   * @since 1.16
+   */
+  public static java.util.Set<String> all() {
+    java.util.Set<String> set = new java.util.HashSet<String>();
+    set.add(CLOUD_PLATFORM);
+    return java.util.Collections.unmodifiableSet(set);
+  }
+
+  private AccessContextManagerScopes() {
+  }
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
new file mode 100644
index 00000000000..e114803aaef
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessLevel.java
@@ -0,0 +1,194 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * An `AccessLevel` is a label that can be applied to requests to GCP services, along with a list of
+ * requirements necessary for the label to be applied.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private BasicLevel basic;
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @return value or {@code null} for none
+   */
+  public BasicLevel getBasic() {
+    return basic;
+  }
+
+  /**
+   * A `BasicLevel` composed of `Conditions`.
+   * @param basic basic or {@code null} for none
+   */
+  public AccessLevel setBasic(BasicLevel basic) {
+    this.basic = basic;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessLevel setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `AccessLevel` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public AccessLevel setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the Access Level. The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/accessLevels/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public AccessLevel setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public AccessLevel setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessLevel` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessLevel setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessLevel set(String fieldName, Object value) {
+    return (AccessLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessLevel clone() {
+    return (AccessLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
new file mode 100644
index 00000000000..6efa50a0759
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/AccessPolicy.java
@@ -0,0 +1,169 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `AccessPolicy` is a container for `AccessLevels` (which define the necessary attributes to use
+ * GCP services) and `ServicePerimeters` (which define regions of services able to freely pass data
+ * within a perimeter). An access policy is globally visible within an organization, and the
+ * restrictions it specifies apply to all projects within an organization.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class AccessPolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String parent;
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public AccessPolicy setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`
+   * @param name name or {@code null} for none
+   */
+  public AccessPolicy setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getParent() {
+    return parent;
+  }
+
+  /**
+   * Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently
+   * immutable once created. Format: `organizations/{organization_id}`
+   * @param parent parent or {@code null} for none
+   */
+  public AccessPolicy setParent(java.lang.String parent) {
+    this.parent = parent;
+    return this;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Required. Human readable title. Does not affect behavior.
+   * @param title title or {@code null} for none
+   */
+  public AccessPolicy setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `AccessPolicy` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public AccessPolicy setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public AccessPolicy set(String fieldName, Object value) {
+    return (AccessPolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public AccessPolicy clone() {
+    return (AccessPolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
new file mode 100644
index 00000000000..061db767856
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/BasicLevel.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `BasicLevel` is an `AccessLevel` using a set of recommended features.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class BasicLevel extends com.google.api.client.json.GenericJson {
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String combiningFunction;
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Condition> conditions;
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getCombiningFunction() {
+    return combiningFunction;
+  }
+
+  /**
+   * How the `conditions` list should be combined to determine if a request is granted this
+   * `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
+   * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be
+   * satisfied for the `AccessLevel` to be applied. Default behavior is AND.
+   * @param combiningFunction combiningFunction or {@code null} for none
+   */
+  public BasicLevel setCombiningFunction(java.lang.String combiningFunction) {
+    this.combiningFunction = combiningFunction;
+    return this;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Condition> getConditions() {
+    return conditions;
+  }
+
+  /**
+   * Required. A list of requirements for the `AccessLevel` to be granted.
+   * @param conditions conditions or {@code null} for none
+   */
+  public BasicLevel setConditions(java.util.List<Condition> conditions) {
+    this.conditions = conditions;
+    return this;
+  }
+
+  @Override
+  public BasicLevel set(String fieldName, Object value) {
+    return (BasicLevel) super.set(fieldName, value);
+  }
+
+  @Override
+  public BasicLevel clone() {
+    return (BasicLevel) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
new file mode 100644
index 00000000000..8c5f4c2a21d
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/CancelOperationRequest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The request message for Operations.CancelOperation.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class CancelOperationRequest extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public CancelOperationRequest set(String fieldName, Object value) {
+    return (CancelOperationRequest) super.set(fieldName, value);
+  }
+
+  @Override
+  public CancelOperationRequest clone() {
+    return (CancelOperationRequest) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
new file mode 100644
index 00000000000..dcca9056144
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Condition.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A condition necessary for an `AccessLevel` to be granted. The Condition is an AND over its
+ * fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2)
+ * the originating device complies with the listed device policy AND 3) all listed access levels are
+ * granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Condition extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private DevicePolicy devicePolicy;
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> ipSubnetworks;
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> members;
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean negate;
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> requiredAccessLevels;
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @return value or {@code null} for none
+   */
+  public DevicePolicy getDevicePolicy() {
+    return devicePolicy;
+  }
+
+  /**
+   * Device specific restrictions, all restrictions must hold for the Condition to be true. If not
+   * specified, all devices are allowed.
+   * @param devicePolicy devicePolicy or {@code null} for none
+   */
+  public Condition setDevicePolicy(DevicePolicy devicePolicy) {
+    this.devicePolicy = devicePolicy;
+    return this;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getIpSubnetworks() {
+    return ipSubnetworks;
+  }
+
+  /**
+   * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address
+   * block, the specified IP address portion must be properly truncated (i.e. all the host bits must
+   * be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but
+   * "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
+   * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets
+   * in order for this Condition to be true. If empty, all IP addresses are allowed.
+   * @param ipSubnetworks ipSubnetworks or {@code null} for none
+   */
+  public Condition setIpSubnetworks(java.util.List<java.lang.String> ipSubnetworks) {
+    this.ipSubnetworks = ipSubnetworks;
+    return this;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getMembers() {
+    return members;
+  }
+
+  /**
+   * The request must be made by one of the provided user or service accounts. Groups are not
+   * supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may
+   * come from any user.
+   * @param members members or {@code null} for none
+   */
+  public Condition setMembers(java.util.List<java.lang.String> members) {
+    this.members = members;
+    return this;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getNegate() {
+    return negate;
+  }
+
+  /**
+   * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty
+   * fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+   * @param negate negate or {@code null} for none
+   */
+  public Condition setNegate(java.lang.Boolean negate) {
+    this.negate = negate;
+    return this;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRequiredAccessLevels() {
+    return requiredAccessLevels;
+  }
+
+  /**
+   * A list of other access levels defined in the same `Policy`, referenced by resource name.
+   * Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be
+   * granted for the Condition to be true. Example:
+   * "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
+   * @param requiredAccessLevels requiredAccessLevels or {@code null} for none
+   */
+  public Condition setRequiredAccessLevels(java.util.List<java.lang.String> requiredAccessLevels) {
+    this.requiredAccessLevels = requiredAccessLevels;
+    return this;
+  }
+
+  @Override
+  public Condition set(String fieldName, Object value) {
+    return (Condition) super.set(fieldName, value);
+  }
+
+  @Override
+  public Condition clone() {
+    return (Condition) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
new file mode 100644
index 00000000000..b1dc97483f0
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/DevicePolicy.java
@@ -0,0 +1,145 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `DevicePolicy` specifies device specific restrictions necessary to acquire a given access level.
+ * A `DevicePolicy` specifies requirements for requests from devices to be granted access levels, it
+ * does not do any enforcement on the device. `DevicePolicy` acts as an AND over all specified
+ * fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For
+ * example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status:
+ * ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux
+ * desktops and encrypted Windows desktops.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class DevicePolicy extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedDeviceManagementLevels;
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> allowedEncryptionStatuses;
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<OsConstraint> osConstraints;
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean requireScreenlock;
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedDeviceManagementLevels() {
+    return allowedDeviceManagementLevels;
+  }
+
+  /**
+   * Allowed device management levels, an empty list allows all management levels.
+   * @param allowedDeviceManagementLevels allowedDeviceManagementLevels or {@code null} for none
+   */
+  public DevicePolicy setAllowedDeviceManagementLevels(java.util.List<java.lang.String> allowedDeviceManagementLevels) {
+    this.allowedDeviceManagementLevels = allowedDeviceManagementLevels;
+    return this;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAllowedEncryptionStatuses() {
+    return allowedEncryptionStatuses;
+  }
+
+  /**
+   * Allowed encryptions statuses, an empty list allows all statuses.
+   * @param allowedEncryptionStatuses allowedEncryptionStatuses or {@code null} for none
+   */
+  public DevicePolicy setAllowedEncryptionStatuses(java.util.List<java.lang.String> allowedEncryptionStatuses) {
+    this.allowedEncryptionStatuses = allowedEncryptionStatuses;
+    return this;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<OsConstraint> getOsConstraints() {
+    return osConstraints;
+  }
+
+  /**
+   * Allowed OS versions, an empty list allows all types and all versions.
+   * @param osConstraints osConstraints or {@code null} for none
+   */
+  public DevicePolicy setOsConstraints(java.util.List<OsConstraint> osConstraints) {
+    this.osConstraints = osConstraints;
+    return this;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getRequireScreenlock() {
+    return requireScreenlock;
+  }
+
+  /**
+   * Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.
+   * @param requireScreenlock requireScreenlock or {@code null} for none
+   */
+  public DevicePolicy setRequireScreenlock(java.lang.Boolean requireScreenlock) {
+    this.requireScreenlock = requireScreenlock;
+    return this;
+  }
+
+  @Override
+  public DevicePolicy set(String fieldName, Object value) {
+    return (DevicePolicy) super.set(fieldName, value);
+  }
+
+  @Override
+  public DevicePolicy clone() {
+    return (DevicePolicy) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
new file mode 100644
index 00000000000..06e257a53ec
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Empty.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A generic empty message that you can re-use to avoid defining duplicated empty messages in your
+ * APIs. A typical example is to use it as the request or the response type of an API method. For
+ * instance:
+ *
+ *     service Foo {       rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);     }
+ *
+ * The JSON representation for `Empty` is empty JSON object `{}`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Empty extends com.google.api.client.json.GenericJson {
+
+  @Override
+  public Empty set(String fieldName, Object value) {
+    return (Empty) super.set(fieldName, value);
+  }
+
+  @Override
+  public Empty clone() {
+    return (Empty) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
new file mode 100644
index 00000000000..2d1a52a0e16
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessLevelsResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessLevelsRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessLevelsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the Access Level instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessLevel> accessLevels;
+
+  static {
+    // hack to force ProGuard to consider AccessLevel used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessLevel.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Access Level instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessLevel> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * List of the Access Level instances.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ListAccessLevelsResponse setAccessLevels(java.util.List<AccessLevel> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessLevelsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessLevelsResponse set(String fieldName, Object value) {
+    return (ListAccessLevelsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessLevelsResponse clone() {
+    return (ListAccessLevelsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
new file mode 100644
index 00000000000..ef181c0d354
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListAccessPoliciesResponse.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListAccessPoliciesRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListAccessPoliciesResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * List of the AccessPolicy instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<AccessPolicy> accessPolicies;
+
+  static {
+    // hack to force ProGuard to consider AccessPolicy used, since otherwise it would be stripped out
+    // see https://github.com/google/google-api-java-client/issues/543
+    com.google.api.client.util.Data.nullOf(AccessPolicy.class);
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the AccessPolicy instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<AccessPolicy> getAccessPolicies() {
+    return accessPolicies;
+  }
+
+  /**
+   * List of the AccessPolicy instances.
+   * @param accessPolicies accessPolicies or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setAccessPolicies(java.util.List<AccessPolicy> accessPolicies) {
+    this.accessPolicies = accessPolicies;
+    return this;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListAccessPoliciesResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  @Override
+  public ListAccessPoliciesResponse set(String fieldName, Object value) {
+    return (ListAccessPoliciesResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListAccessPoliciesResponse clone() {
+    return (ListAccessPoliciesResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
new file mode 100644
index 00000000000..c7d23609cff
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListOperationsResponse.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The response message for Operations.ListOperations.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListOperationsResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The standard List next-page token.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<Operation> operations;
+
+  /**
+   * The standard List next-page token.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The standard List next-page token.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListOperationsResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<Operation> getOperations() {
+    return operations;
+  }
+
+  /**
+   * A list of operations that matches the specified filter in the request.
+   * @param operations operations or {@code null} for none
+   */
+  public ListOperationsResponse setOperations(java.util.List<Operation> operations) {
+    this.operations = operations;
+    return this;
+  }
+
+  @Override
+  public ListOperationsResponse set(String fieldName, Object value) {
+    return (ListOperationsResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListOperationsResponse clone() {
+    return (ListOperationsResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
new file mode 100644
index 00000000000..9071e1ef6b6
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ListServicePerimetersResponse.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A response to `ListServicePerimetersRequest`.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ListServicePerimetersResponse extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String nextPageToken;
+
+  /**
+   * List of the Service Perimeter instances.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<ServicePerimeter> servicePerimeters;
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getNextPageToken() {
+    return nextPageToken;
+  }
+
+  /**
+   * The pagination token to retrieve the next page of results. If the value is empty, no further
+   * results remain.
+   * @param nextPageToken nextPageToken or {@code null} for none
+   */
+  public ListServicePerimetersResponse setNextPageToken(java.lang.String nextPageToken) {
+    this.nextPageToken = nextPageToken;
+    return this;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<ServicePerimeter> getServicePerimeters() {
+    return servicePerimeters;
+  }
+
+  /**
+   * List of the Service Perimeter instances.
+   * @param servicePerimeters servicePerimeters or {@code null} for none
+   */
+  public ListServicePerimetersResponse setServicePerimeters(java.util.List<ServicePerimeter> servicePerimeters) {
+    this.servicePerimeters = servicePerimeters;
+    return this;
+  }
+
+  @Override
+  public ListServicePerimetersResponse set(String fieldName, Object value) {
+    return (ListServicePerimetersResponse) super.set(fieldName, value);
+  }
+
+  @Override
+  public ListServicePerimetersResponse clone() {
+    return (ListServicePerimetersResponse) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
new file mode 100644
index 00000000000..7dc4533df21
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Operation.java
@@ -0,0 +1,196 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * This resource represents a long-running operation that is the result of a network API call.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Operation extends com.google.api.client.json.GenericJson {
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Boolean done;
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private Status error;
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> metadata;
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.Map<String, java.lang.Object> response;
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Boolean getDone() {
+    return done;
+  }
+
+  /**
+   * If the value is `false`, it means the operation is still in progress. If `true`, the operation
+   * is completed, and either `error` or `response` is available.
+   * @param done done or {@code null} for none
+   */
+  public Operation setDone(java.lang.Boolean done) {
+    this.done = done;
+    return this;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @return value or {@code null} for none
+   */
+  public Status getError() {
+    return error;
+  }
+
+  /**
+   * The error result of the operation in case of failure or cancellation.
+   * @param error error or {@code null} for none
+   */
+  public Operation setError(Status error) {
+    this.error = error;
+    return this;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getMetadata() {
+    return metadata;
+  }
+
+  /**
+   * Service-specific metadata associated with the operation.  It typically contains progress
+   * information and common metadata such as create time. Some services might not provide such
+   * metadata.  Any method that returns a long-running operation should document the metadata type,
+   * if any.
+   * @param metadata metadata or {@code null} for none
+   */
+  public Operation setMetadata(java.util.Map<String, java.lang.Object> metadata) {
+    this.metadata = metadata;
+    return this;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * The server-assigned name, which is only unique within the same service that originally returns
+   * it. If you use the default HTTP mapping, the `name` should have the format of
+   * `operations/some/unique/name`.
+   * @param name name or {@code null} for none
+   */
+  public Operation setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @return value or {@code null} for none
+   */
+  public java.util.Map<String, java.lang.Object> getResponse() {
+    return response;
+  }
+
+  /**
+   * The normal response of the operation in case of success.  If the original method returns no
+   * data on success, such as `Delete`, the response is `google.protobuf.Empty`.  If the original
+   * method is standard `Get`/`Create`/`Update`, the response should be the resource.  For other
+   * methods, the response should have the type `XxxResponse`, where `Xxx` is the original method
+   * name.  For example, if the original method name is `TakeSnapshot()`, the inferred response type
+   * is `TakeSnapshotResponse`.
+   * @param response response or {@code null} for none
+   */
+  public Operation setResponse(java.util.Map<String, java.lang.Object> response) {
+    this.response = response;
+    return this;
+  }
+
+  @Override
+  public Operation set(String fieldName, Object value) {
+    return (Operation) super.set(fieldName, value);
+  }
+
+  @Override
+  public Operation clone() {
+    return (Operation) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
new file mode 100644
index 00000000000..db6ef9f2889
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/OsConstraint.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * A restriction on the OS type and version of devices making requests.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class OsConstraint extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String minimumVersion;
+
+  /**
+   * Required. The allowed OS type.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String osType;
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMinimumVersion() {
+    return minimumVersion;
+  }
+
+  /**
+   * The minimum allowed OS version. If not set, any version of this OS satisfies the constraint.
+   * Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.
+   * @param minimumVersion minimumVersion or {@code null} for none
+   */
+  public OsConstraint setMinimumVersion(java.lang.String minimumVersion) {
+    this.minimumVersion = minimumVersion;
+    return this;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getOsType() {
+    return osType;
+  }
+
+  /**
+   * Required. The allowed OS type.
+   * @param osType osType or {@code null} for none
+   */
+  public OsConstraint setOsType(java.lang.String osType) {
+    this.osType = osType;
+    return this;
+  }
+
+  @Override
+  public OsConstraint set(String fieldName, Object value) {
+    return (OsConstraint) super.set(fieldName, value);
+  }
+
+  @Override
+  public OsConstraint clone() {
+    return (OsConstraint) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
new file mode 100644
index 00000000000..17c2c7a3a29
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeter.java
@@ -0,0 +1,235 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeter` describes a set of GCP resources which can freely import and export data
+ * amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source
+ * within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will
+ * be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular
+ * and Bridge. Regular Service Perimeters cannot overlap, a single GCP project can only belong to a
+ * single regular Service Perimeter. Service Perimeter Bridges can contain only GCP projects as
+ * members, a single GCP project may belong to multiple Service Perimeter Bridges.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeter extends com.google.api.client.json.GenericJson {
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String createTime;
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String description;
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String name;
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String perimeterType;
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private ServicePerimeterConfig status;
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String title;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private String updateTime;
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getCreateTime() {
+    return createTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was created in UTC.
+   * @param createTime createTime or {@code null} for none
+   */
+  public ServicePerimeter setCreateTime(String createTime) {
+    this.createTime = createTime;
+    return this;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getDescription() {
+    return description;
+  }
+
+  /**
+   * Description of the `ServicePerimeter` and its use. Does not affect behavior.
+   * @param description description or {@code null} for none
+   */
+  public ServicePerimeter setDescription(java.lang.String description) {
+    this.description = description;
+    return this;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getName() {
+    return name;
+  }
+
+  /**
+   * Required. Resource name for the ServicePerimeter.  The `short_name` component must begin with a
+   * letter and only include alphanumeric and '_'. Format:
+   * `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+   * @param name name or {@code null} for none
+   */
+  public ServicePerimeter setName(java.lang.String name) {
+    this.name = name;
+    return this;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getPerimeterType() {
+    return perimeterType;
+  }
+
+  /**
+   * Perimeter type indicator. A single project is allowed to be a member of single regular
+   * perimeter, but multiple service perimeter bridges. A project cannot be a included in a
+   * perimeter bridge without being included in regular perimeter. For perimeter bridges, the
+   * restricted service list as well as access level lists must be empty.
+   * @param perimeterType perimeterType or {@code null} for none
+   */
+  public ServicePerimeter setPerimeterType(java.lang.String perimeterType) {
+    this.perimeterType = perimeterType;
+    return this;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @return value or {@code null} for none
+   */
+  public ServicePerimeterConfig getStatus() {
+    return status;
+  }
+
+  /**
+   * Current ServicePerimeter configuration. Specifies sets of resources, restricted services and
+   * access levels that determine perimeter content and boundaries.
+   * @param status status or {@code null} for none
+   */
+  public ServicePerimeter setStatus(ServicePerimeterConfig status) {
+    this.status = status;
+    return this;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getTitle() {
+    return title;
+  }
+
+  /**
+   * Human readable title. Must be unique within the Policy.
+   * @param title title or {@code null} for none
+   */
+  public ServicePerimeter setTitle(java.lang.String title) {
+    this.title = title;
+    return this;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @return value or {@code null} for none
+   */
+  public String getUpdateTime() {
+    return updateTime;
+  }
+
+  /**
+   * Output only. Time the `ServicePerimeter` was updated in UTC.
+   * @param updateTime updateTime or {@code null} for none
+   */
+  public ServicePerimeter setUpdateTime(String updateTime) {
+    this.updateTime = updateTime;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeter set(String fieldName, Object value) {
+    return (ServicePerimeter) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeter clone() {
+    return (ServicePerimeter) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
new file mode 100644
index 00000000000..11d6fb42e5d
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/ServicePerimeterConfig.java
@@ -0,0 +1,143 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * `ServicePerimeterConfig` specifies a set of GCP resources that describe specific Service
+ * Perimeter configuration.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class ServicePerimeterConfig extends com.google.api.client.json.GenericJson {
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> accessLevels;
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> resources;
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.lang.String> restrictedServices;
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getAccessLevels() {
+    return accessLevels;
+  }
+
+  /**
+   * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be
+   * accessed from the internet. `AccessLevels` listed must be in the same policy as this
+   * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no
+   * `AccessLevel` names are listed, resources within the perimeter can only be accessed via GCP
+   * calls with request origins within the perimeter. Example:
+   * `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be
+   * empty.
+   * @param accessLevels accessLevels or {@code null} for none
+   */
+  public ServicePerimeterConfig setAccessLevels(java.util.List<java.lang.String> accessLevels) {
+    this.accessLevels = accessLevels;
+    return this;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getResources() {
+    return resources;
+  }
+
+  /**
+   * A list of GCP resources that are inside of the service perimeter. Currently only projects are
+   * allowed. Format: `projects/{project_number}`
+   * @param resources resources or {@code null} for none
+   */
+  public ServicePerimeterConfig setResources(java.util.List<java.lang.String> resources) {
+    this.resources = resources;
+    return this;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.lang.String> getRestrictedServices() {
+    return restrictedServices;
+  }
+
+  /**
+   * GCP services that are subject to the Service Perimeter restrictions. For example, if
+   * `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must
+   * meet the perimeter's access restrictions.
+   * @param restrictedServices restrictedServices or {@code null} for none
+   */
+  public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
+    this.restrictedServices = restrictedServices;
+    return this;
+  }
+
+  @Override
+  public ServicePerimeterConfig set(String fieldName, Object value) {
+    return (ServicePerimeterConfig) super.set(fieldName, value);
+  }
+
+  @Override
+  public ServicePerimeterConfig clone() {
+    return (ServicePerimeterConfig) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
new file mode 100644
index 00000000000..c8fddc1b6b2
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/com/google/api/services/accesscontextmanager/v1/model/Status.java
@@ -0,0 +1,168 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/*
+ * This code was generated by https://github.com/googleapis/google-api-java-client-services/
+ * Modify at your own risk.
+ */
+
+package com.google.api.services.accesscontextmanager.v1.model;
+
+/**
+ * The `Status` type defines a logical error model that is suitable for different programming
+ * environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc).
+ * The error model is designed to be:
+ *
+ * - Simple to use and understand for most users - Flexible enough to meet unexpected needs
+ *
+ * # Overview
+ *
+ * The `Status` message contains three pieces of data: error code, error message, and error details.
+ * The error code should be an enum value of google.rpc.Code, but it may accept additional error
+ * codes if needed.  The error message should be a developer-facing English message that helps
+ * developers *understand* and *resolve* the error. If a localized user-facing error message is
+ * needed, put the localized message in the error details or localize it in the client. The optional
+ * error details may contain arbitrary information about the error. There is a predefined set of
+ * error detail types in the package `google.rpc` that can be used for common error conditions.
+ *
+ * # Language mapping
+ *
+ * The `Status` message is the logical representation of the error model, but it is not necessarily
+ * the actual wire format. When the `Status` message is exposed in different client libraries and
+ * different wire protocols, it can be mapped differently. For example, it will likely be mapped to
+ * some exceptions in Java, but more likely mapped to some error codes in C.
+ *
+ * # Other uses
+ *
+ * The error model and the `Status` message can be used in a variety of environments, either with or
+ * without APIs, to provide a consistent developer experience across different environments.
+ *
+ * Example uses of this error model include:
+ *
+ * - Partial errors. If a service needs to return partial errors to the client,     it may embed the
+ * `Status` in the normal response to indicate the partial     errors.
+ *
+ * - Workflow errors. A typical workflow has multiple steps. Each step may     have a `Status`
+ * message for error reporting.
+ *
+ * - Batch operations. If a client uses batch request and batch response, the     `Status` message
+ * should be used directly inside batch response, one for     each error sub-response.
+ *
+ * - Asynchronous operations. If an API call embeds asynchronous operation     results in its
+ * response, the status of those operations should be     represented directly using the `Status`
+ * message.
+ *
+ * - Logging. If some API errors are stored in logs, the message `Status` could     be used directly
+ * after any stripping needed for security/privacy reasons.
+ *
+ * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
+ * transmitted over HTTP when working with the Access Context Manager API. For a detailed
+ * explanation see:
+ * <a href="https://developers.google.com/api-client-library/java/google-http-java-client/json">https://developers.google.com/api-client-library/java/google-http-java-client/json</a>
+ * </p>
+ *
+ * @author Google, Inc.
+ */
+@SuppressWarnings("javadoc")
+public final class Status extends com.google.api.client.json.GenericJson {
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.Integer code;
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.util.List<java.util.Map<String, java.lang.Object>> details;
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * The value may be {@code null}.
+   */
+  @com.google.api.client.util.Key
+  private java.lang.String message;
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @return value or {@code null} for none
+   */
+  public java.lang.Integer getCode() {
+    return code;
+  }
+
+  /**
+   * The status code, which should be an enum value of google.rpc.Code.
+   * @param code code or {@code null} for none
+   */
+  public Status setCode(java.lang.Integer code) {
+    this.code = code;
+    return this;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @return value or {@code null} for none
+   */
+  public java.util.List<java.util.Map<String, java.lang.Object>> getDetails() {
+    return details;
+  }
+
+  /**
+   * A list of messages that carry the error details.  There is a common set of message types for
+   * APIs to use.
+   * @param details details or {@code null} for none
+   */
+  public Status setDetails(java.util.List<java.util.Map<String, java.lang.Object>> details) {
+    this.details = details;
+    return this;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @return value or {@code null} for none
+   */
+  public java.lang.String getMessage() {
+    return message;
+  }
+
+  /**
+   * A developer-facing error message, which should be in English. Any user-facing error message
+   * should be localized and sent in the google.rpc.Status.details field, or localized by the
+   * client.
+   * @param message message or {@code null} for none
+   */
+  public Status setMessage(java.lang.String message) {
+    this.message = message;
+    return this;
+  }
+
+  @Override
+  public Status set(String fieldName, Object value) {
+    return (Status) super.set(fieldName, value);
+  }
+
+  @Override
+  public Status clone() {
+    return (Status) super.clone();
+  }
+
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/pom.xml b/clients/1.28.0/google-api-services-accesscontextmanager/v1/pom.xml
new file mode 100644
index 00000000000..a3346e00f20
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/pom.xml
@@ -0,0 +1,142 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.sonatype.oss</groupId>
+    <artifactId>oss-parent</artifactId>
+    <version>7</version>
+  </parent>
+
+  <groupId>com.google.apis</groupId>
+  <artifactId>google-api-services-accesscontextmanager</artifactId>
+  <version>v1-rev20190306-1.28.0</version>
+  <name>Access Context Manager API v1-rev20190306-1.28.0</name>
+  <packaging>jar</packaging>
+
+  <inceptionYear>2011</inceptionYear>
+
+  <organization>
+    <name>Google</name>
+    <url>http://www.google.com/</url>
+  </organization>
+
+  <licenses>
+    <license>
+      <name>The Apache Software License, Version 2.0</name>
+      <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+      <distribution>repo</distribution>
+    </license>
+  </licenses>
+
+  <distributionManagement>
+    <snapshotRepository>
+      <id>ossrh</id>
+      <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+    </snapshotRepository>
+  </distributionManagement>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.5.1</version>
+        <configuration>
+          <source>1.7</source>
+          <target>1.7</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.sonatype.plugins</groupId>
+        <artifactId>nexus-staging-maven-plugin</artifactId>
+        <version>1.6.5</version>
+        <extensions>true</extensions>
+        <configuration>
+          <serverId>ossrh</serverId>
+          <nexusUrl>https://oss.sonatype.org/</nexusUrl>
+          <autoReleaseAfterClose>true</autoReleaseAfterClose>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>2.2.1</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-javadoc-plugin</artifactId>
+        <version>2.9.1</version>
+        <executions>
+          <execution>
+            <id>attach-javadocs</id>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <doctitle>Access Context Manager API ${project.version}</doctitle>
+          <windowtitle>Access Context Manager API ${project.version}</windowtitle>
+          <links>
+            <link>http://docs.oracle.com/javase/6/docs/api</link>
+            <link>https://google.github.io/google-http-java-client/releases/1.28.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-oauth-java-client/releases/1.28.0/javadoc/index.html</link>
+            <link>https://google.github.io/google-api-java-client/releases/1.28.0/javadoc/index.html</link>
+          </links>
+        </configuration>
+      </plugin>
+    </plugins>
+    <sourceDirectory>.</sourceDirectory>
+    <resources>
+      <resource>
+        <directory>./resources</directory>
+      </resource>
+    </resources>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>com.google.api-client</groupId>
+      <artifactId>google-api-client</artifactId>
+      <version>1.28.0</version>
+    </dependency>
+  </dependencies>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <profiles>
+    <profile>
+      <id>release-sign-artifacts</id>
+      <activation>
+        <property>
+          <name>performRelease</name>
+          <value>true</value>
+        </property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>1.6</version>
+            <executions>
+              <execution>
+                <id>sign-artifacts</id>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+                <configuration>
+                  <gpgArguments>
+                    <arg>--pinentry-mode</arg>
+                    <arg>loopback</arg>
+                  </gpgArguments>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>
\ No newline at end of file
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json b/clients/1.28.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
new file mode 100644
index 00000000000..0c17e656588
--- /dev/null
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1/resources/accesscontextmanager.v1.json
@@ -0,0 +1,1131 @@
+{
+  "version_module": true,
+  "schemas": {
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        },
+        "combiningFunction": {
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ],
+          "enum": [
+            "AND",
+            "OR"
+          ]
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListServicePerimetersResponse"
+    },
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
+    },
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        },
+        "allowedEncryptionStatuses": {
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ]
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        }
+      },
+      "id": "DevicePolicy"
+    },
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "description": "A `BasicLevel` composed of `Conditions`.",
+          "$ref": "BasicLevel"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
+    },
+    "CancelOperationRequest": {
+      "description": "The request message for Operations.CancelOperation.",
+      "type": "object",
+      "properties": {},
+      "id": "CancelOperationRequest"
+    },
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
+    },
+    "Operation": {
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object",
+      "properties": {
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        },
+        "response": {
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object",
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          }
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        }
+      },
+      "id": "Operation"
+    },
+    "Status": {
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object",
+      "properties": {
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        },
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        }
+      },
+      "id": "Status"
+    },
+    "Empty": {
+      "description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n    service Foo {\n      rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n    }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
+      "type": "object",
+      "properties": {},
+      "id": "Empty"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        },
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object",
+      "properties": {
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
+          "type": "string"
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries.",
+          "$ref": "ServicePerimeterConfig"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter"
+    },
+    "Condition": {
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object",
+      "properties": {
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "$ref": "DevicePolicy",
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
+        }
+      },
+      "id": "Condition"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessLevels": {
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ListOperationsResponse": {
+      "description": "The response message for Operations.ListOperations.",
+      "type": "object",
+      "properties": {
+        "operations": {
+          "description": "A list of operations that matches the specified filter in the request.",
+          "type": "array",
+          "items": {
+            "$ref": "Operation"
+          }
+        },
+        "nextPageToken": {
+          "description": "The standard List next-page token.",
+          "type": "string"
+        }
+      },
+      "id": "ListOperationsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. For\nexample, if `storage.googleapis.com` is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    }
+  },
+  "protocol": "rest",
+  "icons": {
+    "x32": "http://www.google.com/images/icons/product/search-32.gif",
+    "x16": "http://www.google.com/images/icons/product/search-16.gif"
+  },
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
+        }
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "list": {
+          "description": "Lists operations that match the specified filter in the request. If the\nserver doesn't support this method, it returns `UNIMPLEMENTED`.\n\nNOTE: the `name` binding allows API services to override the binding\nto use different resource name schemes, such as `users/*/operations`. To\noverride the binding, API services can add a binding such as\n`\"/v1/{name=users/*}/operations\"` to their service configuration.\nFor backwards compatibility, the default name includes the operations\ncollection id, however overriding users must ensure the name binding\nis the parent resource, without the operations collection id.",
+          "response": {
+            "$ref": "ListOperationsResponse"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "pageSize": {
+              "location": "query",
+              "description": "The standard list page size.",
+              "format": "int32",
+              "type": "integer"
+            },
+            "filter": {
+              "description": "The standard list filter.",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "The name of the operation's parent resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations$",
+              "location": "path"
+            },
+            "pageToken": {
+              "location": "query",
+              "description": "The standard list page token.",
+              "type": "string"
+            }
+          },
+          "flatPath": "v1/operations",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.list"
+        },
+        "get": {
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/operations/{operationsId}",
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1/{+name}"
+        },
+        "cancel": {
+          "flatPath": "v1/operations/{operationsId}:cancel",
+          "path": "v1/{+name}:cancel",
+          "id": "accesscontextmanager.operations.cancel",
+          "description": "Starts asynchronous cancellation on a long-running operation.  The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed.  If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`.  Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
+          "request": {
+            "$ref": "CancelOperationRequest"
+          },
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "POST",
+          "parameters": {
+            "name": {
+              "description": "The name of the operation resource to be cancelled.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "delete": {
+          "response": {
+            "$ref": "Empty"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "The name of the operation resource to be deleted.",
+              "required": true,
+              "type": "string",
+              "pattern": "^operations/.+$"
+            }
+          },
+          "flatPath": "v1/operations/{operationsId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.operations.delete",
+          "description": "Deletes a long-running operation. This method indicates that the client is\nno longer interested in the operation result. It does not cancel the\noperation. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`."
+        }
+      }
+    },
+    "accessPolicies": {
+      "methods": {
+        "list": {
+          "flatPath": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "path": "v1/accessPolicies",
+          "description": "List all AccessPolicies under a\ncontainer.",
+          "httpMethod": "GET",
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "parameters": {
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            },
+            "pageToken": {
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "get": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name.",
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "patch": {
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "httpMethod": "PATCH",
+          "parameterOrder": [
+            "name"
+          ],
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "updateMask": {
+              "location": "query",
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "path": "v1/{+name}"
+        },
+        "create": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1/accessPolicies",
+          "path": "v1/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create",
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          }
+        },
+        "delete": {
+          "flatPath": "v1/accessPolicies/{accessPoliciesId}",
+          "path": "v1/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "location": "path",
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        }
+      },
+      "resources": {
+        "servicePerimeters": {
+          "methods": {
+            "list": {
+              "description": "List all Service Perimeters for an\naccess policy.",
+              "response": {
+                "$ref": "ListServicePerimetersResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list"
+            },
+            "get": {
+              "response": {
+                "$ref": "ServicePerimeter"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
+              "description": "Get an Service Perimeter by resource\nname."
+            },
+            "patch": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered."
+            },
+            "create": {
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "request": {
+                "$ref": "ServicePerimeter"
+              },
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered."
+            },
+            "delete": {
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete"
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "list": {
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "path": "v1/{+parent}/accessLevels",
+              "description": "List all Access Levels for an access\npolicy.",
+              "httpMethod": "GET",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "parameters": {
+                "pageToken": {
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "location": "query",
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                },
+                "parent": {
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ]
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
+            },
+            "patch": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "updateMask": {
+                  "location": "query",
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string"
+                },
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
+            },
+            "create": {
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "POST",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "parent": {
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$"
+                }
+              },
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
+              "path": "v1/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create"
+            },
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "location": "path",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            }
+          }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "upload_protocol": {
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true",
+      "location": "query"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "$.xgafv": {
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query",
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string"
+    },
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "access_token": {
+      "description": "OAuth access token.",
+      "type": "string",
+      "location": "query"
+    },
+    "key": {
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string",
+      "location": "query"
+    }
+  },
+  "version": "v1",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "servicePath": "",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "kind": "discovery#restDescription",
+  "basePath": "",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "id": "accesscontextmanager:v1",
+  "revision": "20190306",
+  "discoveryVersion": "v1"
+}
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
index 259e5c2b643..c54d66c23ce 100644
--- a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/com/google/api/services/accesscontextmanager/v1beta/model/ServicePerimeterConfig.java
@@ -53,32 +53,20 @@ public final class ServicePerimeterConfig extends com.google.api.client.json.Gen
   private java.util.List<java.lang.String> resources;
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.util.List<java.lang.String> restrictedServices;
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -133,16 +121,9 @@ public ServicePerimeterConfig setResources(java.util.List<java.lang.String> reso
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getRestrictedServices() {
@@ -150,16 +131,9 @@ public java.util.List<java.lang.String> getRestrictedServices() {
   }
 
   /**
-   * GCP services that are subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `storage.googleapis.com` is specified,
-   * access to the storage buckets inside the perimeter must meet the perimeter's access
-   * restrictions.
-   *
-   * Wildcard means that unless explicitly specified by "unrestricted_services" list, any service is
-   * treated as restricted. One of the fields "restricted_services", "unrestricted_services" must
-   * contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also means
-   * that both field being empty is invalid as well. "restricted_services" can be empty if and only
-   * if "unrestricted_services" list contains a "*" wildcard.
+   * GCP services that are subject to the Service Perimeter restrictions. Must contain a list of
+   * services. For example, if `storage.googleapis.com` is specified, access to the storage buckets
+   * inside the perimeter must meet the perimeter's access restrictions.
    * @param restrictedServices restrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.String> restrictedServices) {
@@ -168,16 +142,11 @@ public ServicePerimeterConfig setRestrictedServices(java.util.List<java.lang.Str
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getUnrestrictedServices() {
@@ -185,16 +154,11 @@ public java.util.List<java.lang.String> getUnrestrictedServices() {
   }
 
   /**
-   * GCP services that are not subject to the Service Perimeter restrictions. May contain a list of
-   * services or a single wildcard "*". For example, if `logging.googleapis.com` is unrestricted,
-   * users can access logs inside the perimeter as if the perimeter doesn't exist, and it also means
-   * VMs inside the perimeter can access logs outside the perimeter.
+   * GCP services that are not subject to the Service Perimeter restrictions. Deprecated. Must be
+   * set to a single wildcard "*".
    *
    * The wildcard means that unless explicitly specified by "restricted_services" list, any service
-   * is treated as unrestricted. One of the fields "restricted_services", "unrestricted_services"
-   * must contain a wildcard "*", otherwise the Service Perimeter specification is invalid. It also
-   * means that both field being empty is invalid as well. "unrestricted_services" can be empty if
-   * and only if "restricted_services" list contains a "*" wildcard.
+   * is treated as unrestricted.
    * @param unrestrictedServices unrestrictedServices or {@code null} for none
    */
   public ServicePerimeterConfig setUnrestrictedServices(java.util.List<java.lang.String> unrestrictedServices) {
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/pom.xml b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/pom.xml
index 0c50b4c53e1..c35451459af 100644
--- a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/pom.xml
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/pom.xml
@@ -8,8 +8,8 @@
 
   <groupId>com.google.apis</groupId>
   <artifactId>google-api-services-accesscontextmanager</artifactId>
-  <version>v1beta-rev20190204-1.28.0</version>
-  <name>Access Context Manager API v1beta-rev20190204-1.28.0</name>
+  <version>v1beta-rev20190306-1.28.0</version>
+  <name>Access Context Manager API v1beta-rev20190306-1.28.0</name>
   <packaging>jar</packaging>
 
   <inceptionYear>2011</inceptionYear>
diff --git a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
index 3b26d87c832..e77baff584a 100644
--- a/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
+++ b/clients/1.28.0/google-api-services-accesscontextmanager/v1beta/resources/accesscontextmanager.v1beta.json
@@ -1,616 +1,217 @@
 {
-  "id": "accesscontextmanager:v1beta",
-  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
-  "revision": "20190204",
-  "discoveryVersion": "v1",
-  "version_module": true,
-  "schemas": {
-    "Status": {
-      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
-      "type": "object",
-      "properties": {
-        "message": {
-          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
-          "type": "string"
-        },
-        "details": {
-          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
-          "type": "array",
-          "items": {
-            "additionalProperties": {
-              "description": "Properties of the object. Contains field @type with type URL.",
-              "type": "any"
-            },
-            "type": "object"
-          }
-        },
-        "code": {
-          "description": "The status code, which should be an enum value of google.rpc.Code.",
-          "format": "int32",
-          "type": "integer"
+  "canonicalName": "Access Context Manager",
+  "auth": {
+    "oauth2": {
+      "scopes": {
+        "https://www.googleapis.com/auth/cloud-platform": {
+          "description": "View and manage your data across Google Cloud Platform services"
         }
-      },
-      "id": "Status"
-    },
-    "OsConstraint": {
-      "description": "A restriction on the OS type and version of devices making requests.",
-      "type": "object",
-      "properties": {
-        "minimumVersion": {
-          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
-          "type": "string"
-        },
-        "osType": {
-          "description": "Required. The allowed OS type.",
-          "type": "string",
-          "enumDescriptions": [
-            "The operating system of the device is not specified or not known.",
-            "A desktop Mac operating system.",
-            "A desktop Windows operating system.",
-            "A desktop Linux operating system.",
-            "A desktop ChromeOS operating system.",
-            "An Android operating system.",
-            "An iOS operating system."
+      }
+    }
+  },
+  "rootUrl": "https://accesscontextmanager.googleapis.com/",
+  "ownerDomain": "google.com",
+  "name": "accesscontextmanager",
+  "batchPath": "batch",
+  "fullyEncodeReservedExpansion": true,
+  "title": "Access Context Manager API",
+  "ownerName": "Google",
+  "resources": {
+    "operations": {
+      "methods": {
+        "get": {
+          "id": "accesscontextmanager.operations.get",
+          "path": "v1beta/{+name}",
+          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
+          "httpMethod": "GET",
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "OS_UNSPECIFIED",
-            "DESKTOP_MAC",
-            "DESKTOP_WINDOWS",
-            "DESKTOP_LINUX",
-            "DESKTOP_CHROME_OS",
-            "ANDROID",
-            "IOS"
-          ]
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameters": {
+            "name": {
+              "pattern": "^operations/.+$",
+              "location": "path",
+              "description": "The name of the operation resource.",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/operations/{operationsId}"
         }
-      },
-      "id": "OsConstraint"
+      }
     },
-    "ServicePerimeter": {
-      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "status": {
-          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries.",
-          "$ref": "ServicePerimeterConfig"
+    "accessPolicies": {
+      "methods": {
+        "delete": {
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "DELETE",
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.delete",
+          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage."
         },
-        "updateTime": {
-          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
+        "list": {
+          "response": {
+            "$ref": "ListAccessPoliciesResponse"
+          },
+          "parameterOrder": [],
+          "httpMethod": "GET",
+          "parameters": {
+            "pageToken": {
+              "location": "query",
+              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
+              "format": "int32",
+              "type": "integer",
+              "location": "query"
+            },
+            "parent": {
+              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
+              "type": "string",
+              "location": "query"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.list",
+          "description": "List all AccessPolicies under a\ncontainer."
         },
-        "name": {
-          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
-          "type": "string"
+        "get": {
+          "response": {
+            "$ref": "AccessPolicy"
+          },
+          "parameterOrder": [
+            "name"
+          ],
+          "httpMethod": "GET",
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.get",
+          "description": "Get an AccessPolicy by name."
         },
-        "perimeterType": {
-          "enumDescriptions": [
-            "Regular Perimeter.",
-            "Perimeter Bridge."
+        "patch": {
+          "path": "v1beta/{+name}",
+          "id": "accesscontextmanager.accessPolicies.patch",
+          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [
+            "name"
           ],
-          "enum": [
-            "PERIMETER_TYPE_REGULAR",
-            "PERIMETER_TYPE_BRIDGE"
+          "httpMethod": "PATCH",
+          "parameters": {
+            "updateMask": {
+              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
+              "format": "google-fieldmask",
+              "type": "string",
+              "location": "query"
+            },
+            "name": {
+              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+              "required": true,
+              "type": "string",
+              "pattern": "^accessPolicies/[^/]+$",
+              "location": "path"
+            }
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
           ],
-          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
-          "type": "string"
+          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}"
         },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "ServicePerimeter"
-    },
-    "ServicePerimeterConfig": {
-      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
-      "type": "object",
-      "properties": {
-        "resources": {
-          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "unrestrictedServices": {
-          "description": "GCP services that are not subject to the Service Perimeter restrictions.\nMay contain a list of services or a single wildcard \"*\". For example, if\n`logging.googleapis.com` is unrestricted, users can access logs inside the\nperimeter as if the perimeter doesn't exist, and it also means VMs inside\nthe perimeter can access logs outside the perimeter.\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted. One of\nthe fields \"restricted_services\", \"unrestricted_services\" must contain a\nwildcard \"*\", otherwise the Service Perimeter specification is invalid. It\nalso means that both field being empty is invalid as well.\n\"unrestricted_services\" can be empty if and only if \"restricted_services\"\nlist contains a \"*\" wildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "accessLevels": {
-          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "restrictedServices": {
-          "description": "GCP services that are subject to the Service Perimeter restrictions. May\ncontain a list of services or a single wildcard \"*\". For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.\n\nWildcard means that unless explicitly specified by \"unrestricted_services\"\nlist, any service is treated as restricted. One of the fields\n\"restricted_services\", \"unrestricted_services\" must contain a wildcard \"*\",\notherwise the Service Perimeter specification is invalid. It also means\nthat both field being empty is invalid as well. \"restricted_services\" can\nbe empty if and only if \"unrestricted_services\" list contains a \"*\"\nwildcard.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      },
-      "id": "ServicePerimeterConfig"
-    },
-    "ListAccessLevelsResponse": {
-      "description": "A response to `ListAccessLevelsRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessLevels": {
-          "description": "List of the Access Level instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessLevel"
-          }
-        }
-      },
-      "id": "ListAccessLevelsResponse"
-    },
-    "Condition": {
-      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
-      "type": "object",
-      "properties": {
-        "devicePolicy": {
-          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
-          "$ref": "DevicePolicy"
-        },
-        "members": {
-          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "ipSubnetworks": {
-          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "requiredAccessLevels": {
-          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "negate": {
-          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
-          "type": "boolean"
-        }
-      },
-      "id": "Condition"
-    },
-    "BasicLevel": {
-      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
-      "type": "object",
-      "properties": {
-        "combiningFunction": {
-          "enumDescriptions": [
-            "All `Conditions` must be true for the `BasicLevel` to be true.",
-            "If at least one `Condition` is true, then the `BasicLevel` is true."
-          ],
-          "enum": [
-            "AND",
-            "OR"
-          ],
-          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
-          "type": "string"
-        },
-        "conditions": {
-          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
-          "type": "array",
-          "items": {
-            "$ref": "Condition"
-          }
-        }
-      },
-      "id": "BasicLevel"
-    },
-    "ListAccessPoliciesResponse": {
-      "description": "A response to `ListAccessPoliciesRequest`.",
-      "type": "object",
-      "properties": {
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        },
-        "accessPolicies": {
-          "description": "List of the AccessPolicy instances.",
-          "type": "array",
-          "items": {
-            "$ref": "AccessPolicy"
-          }
-        }
-      },
-      "id": "ListAccessPoliciesResponse"
-    },
-    "ListServicePerimetersResponse": {
-      "description": "A response to `ListServicePerimetersRequest`.",
-      "type": "object",
-      "properties": {
-        "servicePerimeters": {
-          "description": "List of the Service Perimeter instances.",
-          "type": "array",
-          "items": {
-            "$ref": "ServicePerimeter"
-          }
-        },
-        "nextPageToken": {
-          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
-          "type": "string"
-        }
-      },
-      "id": "ListServicePerimetersResponse"
-    },
-    "DevicePolicy": {
-      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
-      "type": "object",
-      "properties": {
-        "allowedEncryptionStatuses": {
-          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "ENCRYPTION_UNSPECIFIED",
-              "ENCRYPTION_UNSUPPORTED",
-              "UNENCRYPTED",
-              "ENCRYPTED"
-            ],
-            "type": "string"
-          },
-          "enumDescriptions": [
-            "The encryption status of the device is not specified or not known.",
-            "The device does not support encryption.",
-            "The device supports encryption, but is currently unencrypted.",
-            "The device is encrypted."
-          ]
-        },
-        "requireScreenlock": {
-          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
-          "type": "boolean"
-        },
-        "allowedDeviceManagementLevels": {
-          "enumDescriptions": [
-            "The device's management level is not specified or not known.",
-            "The device is not managed.",
-            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
-            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
-          ],
-          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
-          "type": "array",
-          "items": {
-            "enum": [
-              "MANAGEMENT_UNSPECIFIED",
-              "NONE",
-              "BASIC",
-              "COMPLETE"
-            ],
-            "type": "string"
-          }
-        },
-        "osConstraints": {
-          "description": "Allowed OS versions, an empty list allows all types and all versions.",
-          "type": "array",
-          "items": {
-            "$ref": "OsConstraint"
-          }
-        }
-      },
-      "id": "DevicePolicy"
-    },
-    "AccessLevel": {
-      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessLevel` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "basic": {
-          "description": "A `BasicLevel` composed of `Conditions`.",
-          "$ref": "BasicLevel"
-        },
-        "name": {
-          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-          "type": "string"
-        },
-        "title": {
-          "description": "Human readable title. Must be unique within the Policy.",
-          "type": "string"
-        }
-      },
-      "id": "AccessLevel"
-    },
-    "AccessPolicy": {
-      "properties": {
-        "parent": {
-          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
-          "type": "string"
-        },
-        "createTime": {
-          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "title": {
-          "description": "Required. Human readable title. Does not affect behavior.",
-          "type": "string"
-        },
-        "updateTime": {
-          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
-          "format": "google-datetime",
-          "type": "string"
-        },
-        "name": {
-          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-          "type": "string"
-        }
-      },
-      "id": "AccessPolicy",
-      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
-      "type": "object"
-    },
-    "Operation": {
-      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
-      "type": "object",
-      "properties": {
-        "done": {
-          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
-          "type": "boolean"
-        },
-        "response": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
-          "type": "object"
-        },
-        "name": {
-          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
-          "type": "string"
-        },
-        "error": {
-          "$ref": "Status",
-          "description": "The error result of the operation in case of failure or cancellation."
-        },
-        "metadata": {
-          "additionalProperties": {
-            "description": "Properties of the object. Contains field @type with type URL.",
-            "type": "any"
-          },
-          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
-          "type": "object"
-        }
-      },
-      "id": "Operation"
-    }
-  },
-  "icons": {
-    "x16": "http://www.google.com/images/icons/product/search-16.gif",
-    "x32": "http://www.google.com/images/icons/product/search-32.gif"
-  },
-  "protocol": "rest",
-  "canonicalName": "Access Context Manager",
-  "auth": {
-    "oauth2": {
-      "scopes": {
-        "https://www.googleapis.com/auth/cloud-platform": {
-          "description": "View and manage your data across Google Cloud Platform services"
-        }
-      }
-    }
-  },
-  "rootUrl": "https://accesscontextmanager.googleapis.com/",
-  "ownerDomain": "google.com",
-  "name": "accesscontextmanager",
-  "batchPath": "batch",
-  "fullyEncodeReservedExpansion": true,
-  "title": "Access Context Manager API",
-  "ownerName": "Google",
-  "resources": {
-    "operations": {
-      "methods": {
-        "get": {
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "name": {
-              "pattern": "^operations/.+$",
-              "location": "path",
-              "description": "The name of the operation resource.",
-              "required": true,
-              "type": "string"
-            }
-          },
-          "flatPath": "v1beta/operations/{operationsId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.operations.get",
-          "description": "Gets the latest state of a long-running operation.  Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice."
-        }
-      }
-    },
-    "accessPolicies": {
-      "methods": {
-        "delete": {
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "id": "accesscontextmanager.accessPolicies.delete",
-          "path": "v1beta/{+name}",
-          "description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
-          "httpMethod": "DELETE",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "parameters": {
-            "name": {
-              "location": "path",
-              "description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ]
-        },
-        "list": {
-          "description": "List all AccessPolicies under a\ncontainer.",
-          "response": {
-            "$ref": "ListAccessPoliciesResponse"
-          },
-          "parameterOrder": [],
-          "httpMethod": "GET",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {
-            "pageSize": {
-              "location": "query",
-              "description": "Number of AccessPolicy instances to include in the list. Default 100.",
-              "format": "int32",
-              "type": "integer"
-            },
-            "parent": {
-              "description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
-              "type": "string",
-              "location": "query"
-            },
-            "pageToken": {
-              "description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
-              "type": "string",
-              "location": "query"
-            }
-          },
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.list"
-        },
-        "get": {
-          "description": "Get an AccessPolicy by name.",
-          "response": {
-            "$ref": "AccessPolicy"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "GET",
-          "parameters": {
-            "name": {
-              "description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.get"
-        },
-        "patch": {
-          "description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [
-            "name"
-          ],
-          "httpMethod": "PATCH",
-          "parameters": {
-            "name": {
-              "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
-              "required": true,
-              "type": "string",
-              "pattern": "^accessPolicies/[^/]+$",
-              "location": "path"
-            },
-            "updateMask": {
-              "location": "query",
-              "description": "Required. Mask to control which fields get updated. Must be non-empty.",
-              "format": "google-fieldmask",
-              "type": "string"
-            }
-          },
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
-          "path": "v1beta/{+name}",
-          "id": "accesscontextmanager.accessPolicies.patch"
-        },
-        "create": {
-          "request": {
-            "$ref": "AccessPolicy"
-          },
-          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
-          "response": {
-            "$ref": "Operation"
-          },
-          "parameterOrder": [],
-          "httpMethod": "POST",
-          "scopes": [
-            "https://www.googleapis.com/auth/cloud-platform"
-          ],
-          "parameters": {},
-          "flatPath": "v1beta/accessPolicies",
-          "path": "v1beta/accessPolicies",
-          "id": "accesscontextmanager.accessPolicies.create"
+        "create": {
+          "description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
+          "request": {
+            "$ref": "AccessPolicy"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "parameterOrder": [],
+          "httpMethod": "POST",
+          "parameters": {},
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-platform"
+          ],
+          "flatPath": "v1beta/accessPolicies",
+          "path": "v1beta/accessPolicies",
+          "id": "accesscontextmanager.accessPolicies.create"
         }
       },
       "resources": {
         "servicePerimeters": {
           "methods": {
+            "delete": {
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
+              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}"
+            },
             "list": {
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
-              "description": "List all Service Perimeters for an\naccess policy.",
               "response": {
                 "$ref": "ListServicePerimetersResponse"
               },
@@ -618,16 +219,7 @@
                 "parent"
               ],
               "httpMethod": "GET",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "parameters": {
-                "pageSize": {
-                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
                 "parent": {
                   "description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
@@ -636,14 +228,27 @@
                   "location": "path"
                 },
                 "pageToken": {
-                  "location": "query",
                   "description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
-                  "type": "string"
+                  "type": "string",
+                  "location": "query"
+                },
+                "pageSize": {
+                  "description": "Number of Service Perimeters to include\nin the list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters"
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
+              "description": "List all Service Perimeters for an\naccess policy."
             },
             "get": {
+              "description": "Get an Service Perimeter by resource\nname.",
               "response": {
                 "$ref": "ServicePerimeter"
               },
@@ -651,35 +256,34 @@
                 "name"
               ],
               "httpMethod": "GET",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
               "parameters": {
                 "name": {
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
-                  "location": "path",
                   "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
                   "required": true,
-                  "type": "string"
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
                 }
               },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
               "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
               "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
-              "description": "Get an Service Perimeter by resource\nname."
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.get"
             },
             "patch": {
               "description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
               "request": {
                 "$ref": "ServicePerimeter"
               },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
               "response": {
                 "$ref": "Operation"
               },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "PATCH",
               "parameters": {
                 "updateMask": {
                   "description": "Required. Mask to control which fields get updated. Must be non-empty.",
@@ -688,331 +292,723 @@
                   "location": "query"
                 },
                 "name": {
+                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "required": true,
+                  "type": "string",
                   "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch"
+            },
+            "create": {
+              "httpMethod": "POST",
+              "parameterOrder": [
+                "parent"
+              ],
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameters": {
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
+              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
+              "path": "v1beta/{+parent}/servicePerimeters",
+              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+              "request": {
+                "$ref": "ServicePerimeter"
+              }
+            }
+          }
+        },
+        "accessLevels": {
+          "methods": {
+            "delete": {
+              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
+              "response": {
+                "$ref": "Operation"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "DELETE",
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "parameters": {
+                "name": {
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path",
-                  "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.delete"
+            },
+            "list": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
+              "description": "List all Access Levels for an access\npolicy.",
+              "response": {
+                "$ref": "ListAccessLevelsResponse"
+              },
+              "parameterOrder": [
+                "parent"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "parent": {
+                  "pattern": "^accessPolicies/[^/]+$",
+                  "location": "path",
+                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string"
+                },
+                "pageToken": {
+                  "location": "query",
+                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
+                  "type": "string"
+                },
+                "pageSize": {
+                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
+                  "format": "int32",
+                  "type": "integer",
+                  "location": "query"
+                },
+                "accessLevelFormat": {
+                  "location": "query",
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
+                  "type": "string"
+                }
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform"
+              ],
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
+            },
+            "get": {
+              "description": "Get an Access Level by resource\nname.",
+              "response": {
+                "$ref": "AccessLevel"
+              },
+              "parameterOrder": [
+                "name"
+              ],
+              "httpMethod": "GET",
+              "parameters": {
+                "name": {
+                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
+                  "required": true,
+                  "type": "string",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
+                  "location": "path"
+                },
+                "accessLevelFormat": {
+                  "enum": [
+                    "LEVEL_FORMAT_UNSPECIFIED",
+                    "AS_DEFINED",
+                    "CEL"
+                  ],
+                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
-              "path": "v1beta/{+name}"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
             },
-            "create": {
-              "description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
+            "patch": {
+              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "request": {
-                "$ref": "ServicePerimeter"
+                "$ref": "AccessLevel"
               },
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "parent"
+                "name"
               ],
-              "httpMethod": "POST",
+              "httpMethod": "PATCH",
               "parameters": {
-                "parent": {
-                  "description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
+                "name": {
+                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
                   "location": "path"
+                },
+                "updateMask": {
+                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
+                  "format": "google-fieldmask",
+                  "type": "string",
+                  "location": "query"
                 }
               },
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
-              "path": "v1beta/{+parent}/servicePerimeters",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.create"
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
+              "path": "v1beta/{+name}",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.patch"
             },
-            "delete": {
+            "create": {
+              "path": "v1beta/{+parent}/accessLevels",
+              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
+              "request": {
+                "$ref": "AccessLevel"
+              },
+              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
               "response": {
                 "$ref": "Operation"
               },
               "parameterOrder": [
-                "name"
+                "parent"
               ],
-              "httpMethod": "DELETE",
+              "httpMethod": "POST",
               "scopes": [
                 "https://www.googleapis.com/auth/cloud-platform"
               ],
               "parameters": {
-                "name": {
-                  "description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
+                "parent": {
+                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
                   "required": true,
                   "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
+                  "pattern": "^accessPolicies/[^/]+$",
                   "location": "path"
                 }
               },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
-              "description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage."
+              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
             }
           }
+        }
+      }
+    }
+  },
+  "parameters": {
+    "alt": {
+      "enum": [
+        "json",
+        "media",
+        "proto"
+      ],
+      "type": "string",
+      "enumDescriptions": [
+        "Responses with Content-Type of application/json",
+        "Media download with context-dependent Content-Type",
+        "Responses with Content-Type of application/x-protobuf"
+      ],
+      "location": "query",
+      "description": "Data format for response.",
+      "default": "json"
+    },
+    "key": {
+      "location": "query",
+      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
+      "type": "string"
+    },
+    "access_token": {
+      "location": "query",
+      "description": "OAuth access token.",
+      "type": "string"
+    },
+    "upload_protocol": {
+      "location": "query",
+      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
+      "type": "string"
+    },
+    "prettyPrint": {
+      "location": "query",
+      "description": "Returns response with indentations and line breaks.",
+      "type": "boolean",
+      "default": "true"
+    },
+    "quotaUser": {
+      "location": "query",
+      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
+      "type": "string"
+    },
+    "fields": {
+      "location": "query",
+      "description": "Selector specifying which fields to include in a partial response.",
+      "type": "string"
+    },
+    "uploadType": {
+      "location": "query",
+      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
+      "type": "string"
+    },
+    "$.xgafv": {
+      "enum": [
+        "1",
+        "2"
+      ],
+      "description": "V1 error format.",
+      "type": "string",
+      "enumDescriptions": [
+        "v1 error format",
+        "v2 error format"
+      ],
+      "location": "query"
+    },
+    "oauth_token": {
+      "description": "OAuth 2.0 token for the current user.",
+      "type": "string",
+      "location": "query"
+    },
+    "callback": {
+      "location": "query",
+      "description": "JSONP",
+      "type": "string"
+    }
+  },
+  "version": "v1beta",
+  "baseUrl": "https://accesscontextmanager.googleapis.com/",
+  "kind": "discovery#restDescription",
+  "description": "An API for setting attribute based access control to requests to GCP services.",
+  "servicePath": "",
+  "basePath": "",
+  "id": "accesscontextmanager:v1beta",
+  "documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
+  "revision": "20190306",
+  "discoveryVersion": "v1",
+  "version_module": true,
+  "schemas": {
+    "Status": {
+      "properties": {
+        "message": {
+          "description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
+          "type": "string"
+        },
+        "details": {
+          "description": "A list of messages that carry the error details.  There is a common set of\nmessage types for APIs to use.",
+          "type": "array",
+          "items": {
+            "additionalProperties": {
+              "description": "Properties of the object. Contains field @type with type URL.",
+              "type": "any"
+            },
+            "type": "object"
+          }
+        },
+        "code": {
+          "description": "The status code, which should be an enum value of google.rpc.Code.",
+          "format": "int32",
+          "type": "integer"
+        }
+      },
+      "id": "Status",
+      "description": "The `Status` type defines a logical error model that is suitable for different\nprogramming environments, including REST APIs and RPC APIs. It is used by\n[gRPC](https://github.com/grpc). The error model is designed to be:\n\n- Simple to use and understand for most users\n- Flexible enough to meet unexpected needs\n\n# Overview\n\nThe `Status` message contains three pieces of data: error code, error message,\nand error details. The error code should be an enum value of\ngoogle.rpc.Code, but it may accept additional error codes if needed.  The\nerror message should be a developer-facing English message that helps\ndevelopers *understand* and *resolve* the error. If a localized user-facing\nerror message is needed, put the localized message in the error details or\nlocalize it in the client. The optional error details may contain arbitrary\ninformation about the error. There is a predefined set of error detail types\nin the package `google.rpc` that can be used for common error conditions.\n\n# Language mapping\n\nThe `Status` message is the logical representation of the error model, but it\nis not necessarily the actual wire format. When the `Status` message is\nexposed in different client libraries and different wire protocols, it can be\nmapped differently. For example, it will likely be mapped to some exceptions\nin Java, but more likely mapped to some error codes in C.\n\n# Other uses\n\nThe error model and the `Status` message can be used in a variety of\nenvironments, either with or without APIs, to provide a\nconsistent developer experience across different environments.\n\nExample uses of this error model include:\n\n- Partial errors. If a service needs to return partial errors to the client,\n    it may embed the `Status` in the normal response to indicate the partial\n    errors.\n\n- Workflow errors. A typical workflow has multiple steps. Each step may\n    have a `Status` message for error reporting.\n\n- Batch operations. If a client uses batch request and batch response, the\n    `Status` message should be used directly inside batch response, one for\n    each error sub-response.\n\n- Asynchronous operations. If an API call embeds asynchronous operation\n    results in its response, the status of those operations should be\n    represented directly using the `Status` message.\n\n- Logging. If some API errors are stored in logs, the message `Status` could\n    be used directly after any stripping needed for security/privacy reasons.",
+      "type": "object"
+    },
+    "OsConstraint": {
+      "description": "A restriction on the OS type and version of devices making requests.",
+      "type": "object",
+      "properties": {
+        "osType": {
+          "enumDescriptions": [
+            "The operating system of the device is not specified or not known.",
+            "A desktop Mac operating system.",
+            "A desktop Windows operating system.",
+            "A desktop Linux operating system.",
+            "A desktop ChromeOS operating system."
+          ],
+          "enum": [
+            "OS_UNSPECIFIED",
+            "DESKTOP_MAC",
+            "DESKTOP_WINDOWS",
+            "DESKTOP_LINUX",
+            "DESKTOP_CHROME_OS"
+          ],
+          "description": "Required. The allowed OS type.",
+          "type": "string"
+        },
+        "minimumVersion": {
+          "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+          "type": "string"
+        }
+      },
+      "id": "OsConstraint"
+    },
+    "ServicePerimeter": {
+      "properties": {
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        },
+        "description": {
+          "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "status": {
+          "$ref": "ServicePerimeterConfig",
+          "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries."
+        },
+        "updateTime": {
+          "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the ServicePerimeter.  The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+          "type": "string"
+        },
+        "perimeterType": {
+          "enumDescriptions": [
+            "Regular Perimeter.",
+            "Perimeter Bridge."
+          ],
+          "enum": [
+            "PERIMETER_TYPE_REGULAR",
+            "PERIMETER_TYPE_BRIDGE"
+          ],
+          "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
+          "type": "string"
+        }
+      },
+      "id": "ServicePerimeter",
+      "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+      "type": "object"
+    },
+    "Condition": {
+      "properties": {
+        "ipSubnetworks": {
+          "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "requiredAccessLevels": {
+          "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "negate": {
+          "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+          "type": "boolean"
+        },
+        "devicePolicy": {
+          "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed.",
+          "$ref": "DevicePolicy"
+        },
+        "members": {
+          "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "Condition",
+      "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+      "type": "object"
+    },
+    "ListAccessLevelsResponse": {
+      "description": "A response to `ListAccessLevelsRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         },
         "accessLevels": {
-          "methods": {
-            "delete": {
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "DELETE",
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "parameters": {
-                "name": {
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string"
-                }
-              },
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.delete",
-              "description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage."
-            },
-            "list": {
-              "id": "accesscontextmanager.accessPolicies.accessLevels.list",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "List all Access Levels for an access\npolicy.",
-              "httpMethod": "GET",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "ListAccessLevelsResponse"
-              },
-              "parameters": {
-                "pageSize": {
-                  "description": "Number of Access Levels to include in\nthe list. Default 100.",
-                  "format": "int32",
-                  "type": "integer",
-                  "location": "query"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
-                  "type": "string"
-                },
-                "parent": {
-                  "pattern": "^accessPolicies/[^/]+$",
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string"
-                },
-                "pageToken": {
-                  "location": "query",
-                  "description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels"
-            },
-            "get": {
-              "description": "Get an Access Level by resource\nname.",
-              "response": {
-                "$ref": "AccessLevel"
-              },
-              "parameterOrder": [
-                "name"
-              ],
-              "httpMethod": "GET",
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "accessLevelFormat": {
-                  "location": "query",
-                  "enum": [
-                    "LEVEL_FORMAT_UNSPECIFIED",
-                    "AS_DEFINED",
-                    "CEL"
-                  ],
-                  "description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
-                  "type": "string"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "path": "v1beta/{+name}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.get"
-            },
-            "patch": {
-              "description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "PATCH",
-              "parameterOrder": [
-                "name"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "name": {
-                  "location": "path",
-                  "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$"
-                },
-                "updateMask": {
-                  "description": "Required.  Mask to control which fields get updated. Must be non-empty.",
-                  "format": "google-fieldmask",
-                  "type": "string",
-                  "location": "query"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ],
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.patch",
-              "path": "v1beta/{+name}"
-            },
-            "create": {
-              "flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels",
-              "id": "accesscontextmanager.accessPolicies.accessLevels.create",
-              "path": "v1beta/{+parent}/accessLevels",
-              "description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
-              "request": {
-                "$ref": "AccessLevel"
-              },
-              "httpMethod": "POST",
-              "parameterOrder": [
-                "parent"
-              ],
-              "response": {
-                "$ref": "Operation"
-              },
-              "parameters": {
-                "parent": {
-                  "location": "path",
-                  "description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
-                  "required": true,
-                  "type": "string",
-                  "pattern": "^accessPolicies/[^/]+$"
-                }
-              },
-              "scopes": [
-                "https://www.googleapis.com/auth/cloud-platform"
-              ]
-            }
+          "description": "List of the Access Level instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessLevel"
+          }
+        }
+      },
+      "id": "ListAccessLevelsResponse"
+    },
+    "ServicePerimeterConfig": {
+      "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+      "type": "object",
+      "properties": {
+        "resources": {
+          "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "unrestrictedServices": {
+          "description": "GCP services that are not subject to the Service Perimeter\nrestrictions. Deprecated. Must be set to a single wildcard \"*\".\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "accessLevels": {
+          "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "restrictedServices": {
+          "description": "GCP services that are subject to the Service Perimeter restrictions. Must\ncontain a list of services. For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      },
+      "id": "ServicePerimeterConfig"
+    },
+    "BasicLevel": {
+      "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+      "type": "object",
+      "properties": {
+        "combiningFunction": {
+          "enum": [
+            "AND",
+            "OR"
+          ],
+          "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+          "type": "string",
+          "enumDescriptions": [
+            "All `Conditions` must be true for the `BasicLevel` to be true.",
+            "If at least one `Condition` is true, then the `BasicLevel` is true."
+          ]
+        },
+        "conditions": {
+          "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+          "type": "array",
+          "items": {
+            "$ref": "Condition"
+          }
+        }
+      },
+      "id": "BasicLevel"
+    },
+    "ListServicePerimetersResponse": {
+      "description": "A response to `ListServicePerimetersRequest`.",
+      "type": "object",
+      "properties": {
+        "servicePerimeters": {
+          "description": "List of the Service Perimeter instances.",
+          "type": "array",
+          "items": {
+            "$ref": "ServicePerimeter"
           }
+        },
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
         }
-      }
-    }
-  },
-  "parameters": {
-    "uploadType": {
-      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
-      "type": "string",
-      "location": "query"
-    },
-    "fields": {
-      "location": "query",
-      "description": "Selector specifying which fields to include in a partial response.",
-      "type": "string"
-    },
-    "callback": {
-      "location": "query",
-      "description": "JSONP",
-      "type": "string"
-    },
-    "oauth_token": {
-      "description": "OAuth 2.0 token for the current user.",
-      "type": "string",
-      "location": "query"
-    },
-    "$.xgafv": {
-      "description": "V1 error format.",
-      "type": "string",
-      "enumDescriptions": [
-        "v1 error format",
-        "v2 error format"
-      ],
-      "location": "query",
-      "enum": [
-        "1",
-        "2"
-      ]
-    },
-    "alt": {
-      "enum": [
-        "json",
-        "media",
-        "proto"
-      ],
-      "type": "string",
-      "enumDescriptions": [
-        "Responses with Content-Type of application/json",
-        "Media download with context-dependent Content-Type",
-        "Responses with Content-Type of application/x-protobuf"
-      ],
-      "location": "query",
-      "description": "Data format for response.",
-      "default": "json"
+      },
+      "id": "ListServicePerimetersResponse"
     },
-    "key": {
-      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
-      "type": "string",
-      "location": "query"
+    "ListAccessPoliciesResponse": {
+      "description": "A response to `ListAccessPoliciesRequest`.",
+      "type": "object",
+      "properties": {
+        "nextPageToken": {
+          "description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
+          "type": "string"
+        },
+        "accessPolicies": {
+          "description": "List of the AccessPolicy instances.",
+          "type": "array",
+          "items": {
+            "$ref": "AccessPolicy"
+          }
+        }
+      },
+      "id": "ListAccessPoliciesResponse"
     },
-    "access_token": {
-      "description": "OAuth access token.",
-      "type": "string",
-      "location": "query"
+    "DevicePolicy": {
+      "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+      "type": "object",
+      "properties": {
+        "allowedEncryptionStatuses": {
+          "enumDescriptions": [
+            "The encryption status of the device is not specified or not known.",
+            "The device does not support encryption.",
+            "The device supports encryption, but is currently unencrypted.",
+            "The device is encrypted."
+          ],
+          "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "ENCRYPTION_UNSPECIFIED",
+              "ENCRYPTION_UNSUPPORTED",
+              "UNENCRYPTED",
+              "ENCRYPTED"
+            ],
+            "type": "string"
+          }
+        },
+        "requireScreenlock": {
+          "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+          "type": "boolean"
+        },
+        "allowedDeviceManagementLevels": {
+          "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+          "type": "array",
+          "items": {
+            "enum": [
+              "MANAGEMENT_UNSPECIFIED",
+              "NONE",
+              "BASIC",
+              "COMPLETE"
+            ],
+            "type": "string"
+          },
+          "enumDescriptions": [
+            "The device's management level is not specified or not known.",
+            "The device is not managed.",
+            "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+            "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+          ]
+        },
+        "osConstraints": {
+          "description": "Allowed OS versions, an empty list allows all types and all versions.",
+          "type": "array",
+          "items": {
+            "$ref": "OsConstraint"
+          }
+        }
+      },
+      "id": "DevicePolicy"
     },
-    "upload_protocol": {
-      "location": "query",
-      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
-      "type": "string"
+    "AccessLevel": {
+      "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+      "type": "object",
+      "properties": {
+        "description": {
+          "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessLevel` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "updateTime": {
+          "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+          "type": "string"
+        },
+        "basic": {
+          "$ref": "BasicLevel",
+          "description": "A `BasicLevel` composed of `Conditions`."
+        },
+        "title": {
+          "description": "Human readable title. Must be unique within the Policy.",
+          "type": "string"
+        }
+      },
+      "id": "AccessLevel"
     },
-    "quotaUser": {
-      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
-      "type": "string",
-      "location": "query"
+    "AccessPolicy": {
+      "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+      "type": "object",
+      "properties": {
+        "updateTime": {
+          "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+          "type": "string"
+        },
+        "parent": {
+          "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+          "type": "string"
+        },
+        "createTime": {
+          "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+          "format": "google-datetime",
+          "type": "string"
+        },
+        "title": {
+          "description": "Required. Human readable title. Does not affect behavior.",
+          "type": "string"
+        }
+      },
+      "id": "AccessPolicy"
     },
-    "prettyPrint": {
-      "location": "query",
-      "description": "Returns response with indentations and line breaks.",
-      "type": "boolean",
-      "default": "true"
+    "Operation": {
+      "properties": {
+        "response": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "The normal response of the operation in case of success.  If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`.  If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource.  For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name.  For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
+          "type": "object"
+        },
+        "name": {
+          "description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should have the format of `operations/some/unique/name`.",
+          "type": "string"
+        },
+        "error": {
+          "description": "The error result of the operation in case of failure or cancellation.",
+          "$ref": "Status"
+        },
+        "metadata": {
+          "additionalProperties": {
+            "description": "Properties of the object. Contains field @type with type URL.",
+            "type": "any"
+          },
+          "description": "Service-specific metadata associated with the operation.  It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata.  Any method that returns a\nlong-running operation should document the metadata type, if any.",
+          "type": "object"
+        },
+        "done": {
+          "description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
+          "type": "boolean"
+        }
+      },
+      "id": "Operation",
+      "description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
+      "type": "object"
     }
   },
-  "version": "v1beta",
-  "baseUrl": "https://accesscontextmanager.googleapis.com/",
-  "servicePath": "",
-  "kind": "discovery#restDescription",
-  "description": "An API for setting attribute based access control to requests to GCP services.",
-  "basePath": ""
+  "protocol": "rest",
+  "icons": {
+    "x16": "http://www.google.com/images/icons/product/search-16.gif",
+    "x32": "http://www.google.com/images/icons/product/search-32.gif"
+  }
 }