{
  "canonicalName": "BeyondCorp",
  "servicePath": "",
  "name": "beyondcorp",
  "ownerDomain": "google.com",
  "rootUrl": "https://beyondcorp.googleapis.com/",
  "schemas": {
    "ImageConfig": {
      "type": "object",
      "description": "ImageConfig defines the control plane images to run.",
      "id": "ImageConfig",
      "properties": {
        "targetImage": {
          "description": "The initial image the remote agent will attempt to run for the control plane.",
          "type": "string"
        },
        "stableImage": {
          "type": "string",
          "description": "The stable image that the remote agent will fallback to if the target image fails."
        }
      }
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEgressPolicy": {
      "type": "object",
      "description": "Routing policy information.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEgressPolicy",
      "properties": {
        "regions": {
          "description": "Required. List of the regions where the application sends traffic.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRowFieldVal": {
      "description": "Column or key value pair from the request as part of key to use in query or a single pair of the fetch response.",
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRowFieldVal",
      "properties": {
        "filterAlias": {
          "type": "string",
          "description": "Output only. Field name to be used in filter while requesting configured insight filtered on this field.",
          "readOnly": true
        },
        "value": {
          "type": "string",
          "description": "Output only. Value of the field in string format. Acceptable values are strings or numbers.",
          "readOnly": true
        },
        "id": {
          "description": "Output only. Field id.",
          "readOnly": true,
          "type": "string"
        },
        "displayName": {
          "description": "Output only. Name of the field.",
          "readOnly": true,
          "type": "string"
        }
      },
      "type": "object"
    },
    "ResolveInstanceConfigResponse": {
      "description": "Response message for BeyondCorp.ResolveInstanceConfig.",
      "id": "ResolveInstanceConfigResponse",
      "properties": {
        "instanceConfig": {
          "$ref": "ConnectorInstanceConfig",
          "description": "ConnectorInstanceConfig."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadata": {
      "type": "object",
      "description": "Insight filters, groupings and aggregations that can be applied for the insight. Examples: aggregations, groups, field filters.",
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadata",
      "properties": {
        "category": {
          "type": "string",
          "description": "Output only. Category of the insight.",
          "readOnly": true
        },
        "fields": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadataField"
          },
          "description": "Output only. List of fields available for insight.",
          "readOnly": true,
          "type": "array"
        },
        "type": {
          "description": "Output only. Type of the insight. It is metadata describing whether the insight is a metric (e.g. count) or a report (e.g. list, status).",
          "readOnly": true,
          "type": "string"
        },
        "displayName": {
          "type": "string",
          "description": "Output only. Common name of the insight.",
          "readOnly": true
        },
        "groups": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Output only. List of groupings available for insight.",
          "readOnly": true
        },
        "aggregations": {
          "items": {
            "enum": [
              "AGGREGATION_UNSPECIFIED",
              "HOURLY",
              "DAILY",
              "WEEKLY",
              "MONTHLY",
              "CUSTOM_DATE_RANGE"
            ],
            "type": "string",
            "enumDescriptions": [
              "Unspecified.",
              "Insight should be aggregated at hourly level.",
              "Insight should be aggregated at daily level.",
              "Insight should be aggregated at weekly level.",
              "Insight should be aggregated at monthly level.",
              "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
            ]
          },
          "description": "Output only. List of aggregation types available for insight.",
          "readOnly": true,
          "type": "array"
        },
        "subCategory": {
          "type": "string",
          "description": "Output only. Sub-Category of the insight.",
          "readOnly": true
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaResourceInfo": {
      "description": "ResourceInfo represents the information or status of an app connector resource component that's used to report on various parts of the system. For example, ResourceInfo can be used to convey the status of a remote_agent, including the status of an appgateway for an runtime environment in a container instance.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaResourceInfo",
      "properties": {
        "time": {
          "type": "string",
          "description": "The timestamp to collect the info. It is suggested to be set by the topmost level resource only.",
          "format": "google-datetime"
        },
        "id": {
          "description": "Required. Unique Id for the resource.",
          "type": "string"
        },
        "status": {
          "type": "string",
          "enumDescriptions": [
            "Health status is unknown: not initialized or failed to retrieve.",
            "The resource is healthy.",
            "The resource is unhealthy.",
            "The resource is unresponsive.",
            "Some sub-resources are UNHEALTHY."
          ],
          "description": "Overall health status. Overall status is derived based on the status of each sub level resources.",
          "enum": [
            "HEALTH_STATUS_UNSPECIFIED",
            "HEALTHY",
            "UNHEALTHY",
            "UNRESPONSIVE",
            "DEGRADED"
          ]
        },
        "sub": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaResourceInfo"
          },
          "description": "List of Info for the sub level resources.",
          "type": "array"
        },
        "resource": {
          "description": "Specific details for the resource. This is for internal use only.",
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          }
        }
      },
      "type": "object"
    },
    "GoogleLongrunningCancelOperationRequest": {
      "type": "object",
      "description": "The request message for Operations.CancelOperation.",
      "id": "GoogleLongrunningCancelOperationRequest",
      "properties": {}
    },
    "ConnectionOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "ConnectionOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        },
        "endTime": {
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaRestartSubscriptionResponse": {
      "description": "Response message for BeyondCorp.RestartSubscription",
      "id": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaRestartSubscriptionResponse",
      "properties": {},
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaRemoteAgentDetails": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaRemoteAgentDetails",
      "properties": {},
      "description": "RemoteAgentDetails reflects the details of a remote agent.",
      "type": "object"
    },
    "ListAppGatewaysResponse": {
      "id": "ListAppGatewaysResponse",
      "properties": {
        "nextPageToken": {
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list.",
          "type": "string"
        },
        "appGateways": {
          "type": "array",
          "description": "A list of BeyondCorp AppGateways in the project.",
          "items": {
            "$ref": "AppGateway"
          }
        },
        "unreachable": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached."
        }
      },
      "description": "Response message for BeyondCorp.ListAppGateways.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGatewayOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGatewayOperationMetadata",
      "properties": {
        "createTime": {
          "type": "string",
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        },
        "endTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "type": "string"
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "requestedCancellation": {
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        }
      }
    },
    "AppGatewayOperationMetadata": {
      "type": "object",
      "id": "AppGatewayOperationMetadata",
      "properties": {
        "createTime": {
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        },
        "endTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "type": "string"
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        }
      },
      "description": "Represents the metadata of the long-running operation."
    },
    "Connector": {
      "id": "Connector",
      "properties": {
        "updateTime": {
          "format": "google-datetime",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "type": "string"
        },
        "uid": {
          "type": "string",
          "description": "Output only. A unique identifier for the instance generated by the system.",
          "readOnly": true
        },
        "resourceInfo": {
          "description": "Optional. Resource info of the connector.",
          "$ref": "ResourceInfo"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the connector. Cannot exceed 64 characters."
        },
        "state": {
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "CREATED",
            "UPDATING",
            "DELETING",
            "DOWN"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Connector is being created.",
            "Connector has been created.",
            "Connector's configuration is being updated.",
            "Connector is being deleted.",
            "Connector is down and may be restored in the future. This happens when CCFE sends ProjectState = OFF."
          ],
          "description": "Output only. The current state of the connector.",
          "readOnly": true
        },
        "createTime": {
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "principalInfo": {
          "$ref": "PrincipalInfo",
          "description": "Required. Principal information about the Identity of the connector."
        },
        "name": {
          "description": "Required. Unique resource name of the connector. The name is ignored when creating a connector.",
          "type": "string"
        },
        "labels": {
          "description": "Optional. Resource labels to represent user provided metadata.",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        }
      },
      "description": "A BeyondCorp connector resource that represents an application facing component deployed proximal to and with direct access to the application instances. It is used to establish connectivity between the remote enterprise environment and GCP. It initiates connections to the applications and can proxy the data from users over the connection.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication",
      "properties": {
        "createTime": {
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "name": {
          "type": "string",
          "description": "Identifier. Name of the resource."
        },
        "endpointMatchers": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpointMatcher"
          },
          "description": "Optional. An array of conditions to match the application's network endpoint. Each element in the array is an EndpointMatcher object, which defines a specific combination of a hostname pattern and one or more ports. The application is considered matched if at least one of the EndpointMatcher conditions in this array is met (the conditions are combined using OR logic). Each EndpointMatcher must contain a hostname pattern, such as \"example.com\", and one or more port numbers specified as a string, such as \"443\". Hostname and port number examples: \"*.example.com\", \"443\" \"example.com\" and \"22\" \"example.com\" and \"22,33\"",
          "type": "array"
        },
        "updateTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the application resource. Cannot exceed 64 characters."
        },
        "upstreams": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstream"
          },
          "description": "Optional. Which upstream resources to forward traffic to.",
          "type": "array"
        },
        "schema": {
          "description": "Optional. Type of the external application.",
          "enum": [
            "SCHEMA_UNSPECIFIED",
            "PROXY_GATEWAY",
            "API_GATEWAY"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Proxy which routes traffic to actual applications, like Netscaler Gateway.",
            "Service Discovery API endpoint when Service Discovery is enabled in Gateway."
          ]
        }
      },
      "description": "The information about an application resource."
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpoint": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpoint",
      "properties": {
        "hostname": {
          "description": "Required. Hostname of the endpoint.",
          "type": "string"
        },
        "port": {
          "description": "Required. Port of the endpoint.",
          "format": "int32",
          "type": "integer"
        }
      },
      "description": "Internet Gateway endpoint to forward traffic to.",
      "type": "object"
    },
    "ConnectionDetails": {
      "id": "ConnectionDetails",
      "properties": {
        "recentMigVms": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "If type=GCP_REGIONAL_MIG, contains most recent VM instances, like \"https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone_id}/instances/{instance_id}\"."
        },
        "connection": {
          "$ref": "Connection",
          "description": "A BeyondCorp Connection in the project."
        }
      },
      "description": "Details of the Connection.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscovery": {
      "description": "Settings related to the Service Discovery.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscovery",
      "properties": {
        "apiGateway": {
          "description": "Optional. External API configuration.",
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGateway"
        }
      },
      "type": "object"
    },
    "ApplicationEndpoint": {
      "id": "ApplicationEndpoint",
      "properties": {
        "host": {
          "description": "Required. Hostname or IP address of the remote application endpoint.",
          "type": "string"
        },
        "port": {
          "description": "Required. Port of the remote application endpoint.",
          "format": "int32",
          "type": "integer"
        }
      },
      "description": "ApplicationEndpoint represents a remote application endpoint.",
      "type": "object"
    },
    "ListConnectionsResponse": {
      "type": "object",
      "id": "ListConnectionsResponse",
      "properties": {
        "nextPageToken": {
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list.",
          "type": "string"
        },
        "connections": {
          "description": "A list of BeyondCorp Connections in the project.",
          "items": {
            "$ref": "Connection"
          },
          "type": "array"
        },
        "unreachable": {
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached.",
          "type": "array"
        }
      },
      "description": "Response message for BeyondCorp.ListConnections."
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaProxyProtocolConfig": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaProxyProtocolConfig",
      "properties": {
        "clientIp": {
          "description": "Optional. Client IP configuration. The client IP address is included if true.",
          "type": "boolean"
        },
        "allowedClientHeaders": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Optional. List of the allowed client header names."
        },
        "metadataHeaders": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          },
          "description": "Optional. Custom resource specific headers along with the values. The names should conform to RFC 9110: \u003eField names can contain alphanumeric characters, hyphens, and periods, can contain only ASCII-printable characters and tabs, and must start with a letter."
        },
        "gatewayIdentity": {
          "type": "string",
          "enumDescriptions": [
            "Unspecified gateway identity.",
            "Resource name for gateway identity, in the format: projects/{project_id}/locations/{location_id}/securityGateways/{security_gateway_id}"
          ],
          "description": "Optional. The security gateway identity configuration.",
          "enum": [
            "GATEWAY_IDENTITY_UNSPECIFIED",
            "RESOURCE_NAME"
          ]
        },
        "contextualHeaders": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeaders",
          "description": "Optional. Configuration for the contextual headers."
        }
      },
      "description": "The configuration for the proxy."
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1SecurityGatewayOperationMetadata": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1SecurityGatewayOperationMetadata",
      "properties": {
        "endTime": {
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "verb": {
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true,
          "type": "string"
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "type": "string",
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        },
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have been cancelled successfully have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        }
      },
      "description": "Represents the metadata of the long-running operation."
    },
    "GoogleIamV1AuditConfig": {
      "id": "GoogleIamV1AuditConfig",
      "properties": {
        "auditLogConfigs": {
          "type": "array",
          "description": "The configuration for logging of each type of permission.",
          "items": {
            "$ref": "GoogleIamV1AuditLogConfig"
          }
        },
        "service": {
          "type": "string",
          "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
        }
      },
      "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionOperationMetadata": {
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        },
        "endTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        }
      },
      "type": "object"
    },
    "GoogleIamV1SetIamPolicyRequest": {
      "description": "Request message for `SetIamPolicy` method.",
      "id": "GoogleIamV1SetIamPolicyRequest",
      "properties": {
        "policy": {
          "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.",
          "$ref": "GoogleIamV1Policy"
        },
        "updateMask": {
          "format": "google-fieldmask",
          "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
          "type": "string"
        }
      },
      "type": "object"
    },
    "CloudSecurityZerotrustApplinkAppConnectorProtoGateway": {
      "type": "object",
      "description": "Gateway represents a GCE VM Instance endpoint for use by IAP TCP.",
      "id": "CloudSecurityZerotrustApplinkAppConnectorProtoGateway",
      "properties": {
        "selfLink": {
          "type": "string",
          "description": "self_link is the gateway URL in the form https://www.googleapis.com/compute/${version}/projects/${project}/zones/${zone}/instances/${instance}"
        },
        "project": {
          "description": "project is the tenant project the gateway belongs to. Different from the project in the connection, it is a BeyondCorpAPI internally created project to manage all the gateways. It is sharing the same network with the consumer project user owned. It is derived from the gateway URL. For example, project=${project} assuming a gateway URL. https://www.googleapis.com/compute/${version}/projects/${project}/zones/${zone}/instances/${instance}",
          "type": "string"
        },
        "zone": {
          "type": "string",
          "description": "zone represents the zone the instance belongs. It is derived from the gateway URL. For example, zone=${zone} assuming a gateway URL. https://www.googleapis.com/compute/${version}/projects/${project}/zones/${zone}/instances/${instance}"
        },
        "name": {
          "description": "name is the name of an instance running a gateway. It is the unique ID for a gateway. All gateways under the same connection have the same prefix. It is derived from the gateway URL. For example, name=${instance} assuming a gateway URL. https://www.googleapis.com/compute/${version}/projects/${project}/zones/${zone}/instances/${instance}",
          "type": "string"
        },
        "interface": {
          "type": "string",
          "description": "interface specifies the network interface of the gateway to connect to."
        },
        "port": {
          "type": "integer",
          "description": "port specifies the port of the gateway for tunnel connections from the connectors.",
          "format": "uint32"
        }
      }
    },
    "GoogleIamV1Policy": {
      "id": "GoogleIamV1Policy",
      "properties": {
        "etag": {
          "format": "byte",
          "description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
          "type": "string"
        },
        "auditConfigs": {
          "type": "array",
          "items": {
            "$ref": "GoogleIamV1AuditConfig"
          },
          "description": "Specifies cloud audit logging configuration for this policy."
        },
        "version": {
          "type": "integer",
          "description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
          "format": "int32"
        },
        "bindings": {
          "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
          "items": {
            "$ref": "GoogleIamV1Binding"
          },
          "type": "array"
        }
      },
      "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
      "type": "object"
    },
    "GoogleCloudLocationLocation": {
      "type": "object",
      "id": "GoogleCloudLocationLocation",
      "properties": {
        "name": {
          "type": "string",
          "description": "Resource name for the location, which may vary between implementations. For example: `\"projects/example-project/locations/us-east1\"`"
        },
        "labels": {
          "description": "Cross-service attributes for the location. For example {\"cloud.googleapis.com/region\": \"us-east1\"}",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "locationId": {
          "type": "string",
          "description": "The canonical id for this location. For example: `\"us-east1\"`."
        },
        "metadata": {
          "description": "Service-specific metadata. For example the available capacity at the given location.",
          "type": "object",
          "additionalProperties": {
            "description": "Properties of the object. Contains field @type with type URL.",
            "type": "any"
          }
        },
        "displayName": {
          "description": "The friendly name for this location, typically a nearby city name. For example, \"Tokyo\".",
          "type": "string"
        }
      },
      "description": "A resource that represents a Google Cloud location."
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionApplicationEndpoint": {
      "type": "object",
      "description": "ApplicationEndpoint represents a remote application endpoint.",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionApplicationEndpoint",
      "properties": {
        "host": {
          "type": "string",
          "description": "Required. Hostname or IP address of the remote application endpoint."
        },
        "port": {
          "format": "int32",
          "description": "Required. Port of the remote application endpoint.",
          "type": "integer"
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaConfiguredInsightResponse": {
      "type": "object",
      "description": "The response for the configured insight.",
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaConfiguredInsightResponse",
      "properties": {
        "rows": {
          "type": "array",
          "description": "Output only. Result rows returned containing the required value(s) for configured insight.",
          "readOnly": true,
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRow"
          }
        },
        "appliedConfig": {
          "description": "Output only. Applied insight config to generate the result data rows.",
          "readOnly": true,
          "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaAppliedConfig"
        },
        "nextPageToken": {
          "description": "Output only. Next page token to be fetched. Set to empty or NULL if there are no more pages available.",
          "readOnly": true,
          "type": "string"
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectorsV1ContainerHealthDetails": {
      "description": "ContainerHealthDetails reflects the health details of a container.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1ContainerHealthDetails",
      "properties": {
        "expectedConfigVersion": {
          "description": "The version of the expected config.",
          "type": "string"
        },
        "currentConfigVersion": {
          "type": "string",
          "description": "The version of the current config."
        },
        "errorMsg": {
          "description": "The latest error message.",
          "type": "string"
        },
        "extendedStatus": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          },
          "description": "The extended status. Such as ExitCode, StartedAt, FinishedAt, etc."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamExternal": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamExternal",
      "properties": {
        "endpoints": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpoint"
          },
          "description": "Required. List of the endpoints to forward traffic to.",
          "type": "array"
        }
      },
      "description": "Endpoints to forward traffic to.",
      "type": "object"
    },
    "PrincipalInfo": {
      "type": "object",
      "id": "PrincipalInfo",
      "properties": {
        "serviceAccount": {
          "description": "A GCP service account.",
          "$ref": "ServiceAccount"
        }
      },
      "description": "PrincipalInfo represents an Identity oneof."
    },
    "GoogleCloudBeyondcorpAppconnectorsV1AppConnectorOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1AppConnectorOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        },
        "endTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "type": "string"
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        }
      }
    },
    "GoogleLongrunningListOperationsResponse": {
      "id": "GoogleLongrunningListOperationsResponse",
      "properties": {
        "operations": {
          "description": "A list of operations that matches the specified filter in the request.",
          "items": {
            "$ref": "GoogleLongrunningOperation"
          },
          "type": "array"
        },
        "nextPageToken": {
          "description": "The standard List next-page token.",
          "type": "string"
        },
        "unreachable": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Unordered list. Unreachable resources. Populated when the request sets `ListOperationsRequest.return_partial_success` and reads across collections. For example, when attempting to list all resources across all supported locations."
        }
      },
      "description": "The response message for Operations.ListOperations.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfoServiceAccount": {
      "description": "ServiceAccount represents a GCP service account.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfoServiceAccount",
      "properties": {
        "email": {
          "type": "string",
          "description": "Email address of the service account."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaListAppConnectionsResponse": {
      "type": "object",
      "description": "Response message for BeyondCorp.ListAppConnections.",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaListAppConnectionsResponse",
      "properties": {
        "unreachable": {
          "type": "array",
          "description": "A list of locations that could not be reached.",
          "items": {
            "type": "string"
          }
        },
        "appConnections": {
          "description": "A list of BeyondCorp AppConnections in the project.",
          "items": {
            "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection"
          },
          "type": "array"
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list."
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadataField": {
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadataField",
      "properties": {
        "displayName": {
          "type": "string",
          "description": "Output only. Name of the field.",
          "readOnly": true
        },
        "filterable": {
          "description": "Output only. Indicates whether the field can be used for filtering.",
          "readOnly": true,
          "type": "boolean"
        },
        "filterAlias": {
          "description": "Output only. Field name to be used in filter while requesting configured insight filtered on this field.",
          "readOnly": true,
          "type": "string"
        },
        "groupable": {
          "description": "Output only. Indicates whether the field can be used for grouping in custom grouping request.",
          "readOnly": true,
          "type": "boolean"
        },
        "description": {
          "description": "Output only. Description of the field.",
          "readOnly": true,
          "type": "string"
        },
        "id": {
          "type": "string",
          "description": "Output only. Field id for which this is the metadata.",
          "readOnly": true
        }
      },
      "description": "Field metadata. Commonly understandable name and description for the field. Multiple such fields constitute the Insight.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeaders": {
      "description": "Contextual headers configuration.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeaders",
      "properties": {
        "userInfo": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedUserInfo",
          "description": "Optional. User details."
        },
        "groupInfo": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedGroupInfo",
          "description": "Optional. Group details."
        },
        "deviceInfo": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedDeviceInfo",
          "description": "Optional. The device information configuration."
        },
        "outputType": {
          "description": "Optional. Default output type for all enabled headers.",
          "enum": [
            "OUTPUT_TYPE_UNSPECIFIED",
            "PROTOBUF",
            "JSON",
            "NONE"
          ],
          "type": "string",
          "enumDescriptions": [
            "The unspecified output type.",
            "Protobuf output type.",
            "JSON output type.",
            "Explicitly disable header output."
          ]
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedUserInfo": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedUserInfo",
      "properties": {
        "outputType": {
          "type": "string",
          "enumDescriptions": [
            "The unspecified output type.",
            "Protobuf output type.",
            "JSON output type.",
            "Explicitly disable header output."
          ],
          "description": "Optional. The delegated user's information.",
          "enum": [
            "OUTPUT_TYPE_UNSPECIFIED",
            "PROTOBUF",
            "JSON",
            "NONE"
          ]
        }
      },
      "description": "The configuration information for the delegated user."
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpointMatcher": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEndpointMatcher",
      "properties": {
        "hostname": {
          "type": "string",
          "description": "Required. Hostname of the application."
        },
        "ports": {
          "type": "array",
          "items": {
            "type": "integer",
            "format": "int32"
          },
          "description": "Required. The ports of the application."
        }
      },
      "description": "EndpointMatcher contains the information of the endpoint that will match the application.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsight": {
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsight",
      "properties": {
        "metadata": {
          "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsightMetadata",
          "description": "Output only. Metadata for the Insight.",
          "readOnly": true
        },
        "appliedConfig": {
          "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaAppliedConfig",
          "description": "Output only. Applied insight config to generate the result data rows.",
          "readOnly": true
        },
        "rows": {
          "type": "array",
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRow"
          },
          "description": "Output only. Result rows returned containing the required value(s).",
          "readOnly": true
        },
        "name": {
          "type": "string",
          "description": "Output only. The insight resource name. e.g. `organizations/{organization_id}/locations/{location_id}/insights/{insight_id}` OR `projects/{project_id}/locations/{location_id}/insights/{insight_id}`.",
          "readOnly": true
        }
      },
      "description": "The Insight object with configuration that was returned and actual list of records.",
      "type": "object"
    },
    "ConnectorOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "ConnectorOperationMetadata",
      "properties": {
        "endTime": {
          "type": "string",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "verb": {
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true,
          "type": "string"
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "description": "Output only. API version used to start the operation.",
          "readOnly": true,
          "type": "string"
        },
        "createTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "type": "string"
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        },
        "requestedCancellation": {
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        }
      }
    },
    "GoogleLongrunningOperation": {
      "description": "This resource represents a long-running operation that is the result of a network API call.",
      "id": "GoogleLongrunningOperation",
      "properties": {
        "done": {
          "description": "If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.",
          "type": "boolean"
        },
        "error": {
          "$ref": "GoogleRpcStatus",
          "description": "The error result of the operation in case of failure or cancellation."
        },
        "name": {
          "description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.",
          "type": "string"
        },
        "metadata": {
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          },
          "description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any."
        },
        "response": {
          "type": "object",
          "additionalProperties": {
            "description": "Properties of the object. Contains field @type with type URL.",
            "type": "any"
          },
          "description": "The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`."
        }
      },
      "type": "object"
    },
    "RemoteAgentDetails": {
      "type": "object",
      "description": "RemoteAgentDetails reflects the details of a remote agent.",
      "id": "RemoteAgentDetails",
      "properties": {}
    },
    "Gateway": {
      "type": "object",
      "id": "Gateway",
      "properties": {
        "userPort": {
          "type": "integer",
          "format": "int32",
          "description": "Output only. User port reserved on the gateways for this connection, if not specified or zero, the default port is 19443.",
          "readOnly": true
        },
        "type": {
          "description": "Required. The type of hosting used by the gateway.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "GCP_REGIONAL_MIG"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Gateway hosted in a GCP regional managed instance group."
          ]
        },
        "uri": {
          "description": "Output only. Server-defined URI for this resource.",
          "readOnly": true,
          "type": "string"
        }
      },
      "description": "Gateway represents a user facing component that serves as an entrance to enable connectivity."
    },
    "GoogleCloudBeyondcorpAppconnectorsV1RemoteAgentDetails": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1RemoteAgentDetails",
      "properties": {},
      "description": "RemoteAgentDetails reflects the details of a remote agent.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaResolveInstanceConfigResponse": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaResolveInstanceConfigResponse",
      "properties": {
        "instanceConfig": {
          "description": "AppConnectorInstanceConfig.",
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorInstanceConfig"
        }
      },
      "description": "Response message for BeyondCorp.ResolveInstanceConfig.",
      "type": "object"
    },
    "ResolveConnectionsResponse": {
      "id": "ResolveConnectionsResponse",
      "properties": {
        "connectionDetails": {
          "description": "A list of BeyondCorp Connections with details in the project.",
          "items": {
            "$ref": "ConnectionDetails"
          },
          "type": "array"
        },
        "unreachable": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached."
        },
        "nextPageToken": {
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list.",
          "type": "string"
        }
      },
      "description": "Response message for BeyondCorp.ResolveConnections.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListSecurityGatewaysResponse": {
      "description": "Message for response to listing SecurityGateways.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListSecurityGatewaysResponse",
      "properties": {
        "nextPageToken": {
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list.",
          "type": "string"
        },
        "securityGateways": {
          "items": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway"
          },
          "description": "A list of BeyondCorp SecurityGateway in the project.",
          "type": "array"
        },
        "unreachable": {
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached.",
          "type": "array"
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription": {
      "id": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription",
      "properties": {
        "startTime": {
          "format": "google-datetime",
          "description": "Optional. Start time of the subscription.",
          "type": "string"
        },
        "type": {
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Represents a trial subscription.",
            "Represents a paid subscription.",
            "Reresents an allowlisted subscription."
          ],
          "description": "Required. Type of subscription.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "TRIAL",
            "PAID",
            "ALLOWLIST"
          ]
        },
        "autoRenewEnabled": {
          "description": "Output only. Represents that, if subscription will renew or end when the term ends.",
          "readOnly": true,
          "type": "boolean"
        },
        "csgCustomer": {
          "type": "boolean",
          "description": "Optional. Whether the subscription is being created as part of the Citrix flow. If this field is set to true, the subscription should have both the start_time and end_time set in the request and the billing account used will be the Citrix master billing account regardless of what its set to in the request. This field can only be set to true in create requests."
        },
        "sku": {
          "description": "Required. SKU of subscription.",
          "enum": [
            "SKU_UNSPECIFIED",
            "BCE_STANDARD_SKU"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Represents BeyondCorp Standard SKU."
          ]
        },
        "subscriberType": {
          "description": "Output only. Type of subscriber.",
          "readOnly": true,
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Represents an online subscription.",
            "Represents an offline subscription.",
            "Represents a trial subscription. This maps to the 'TRIAL' subscriber_type in the Entitler proto (google3/identity/cloud/contextawareaccess/billing/proto/enums.proto), but is named 'CEP_TRIAL' here to avoid a name collision with the 'Type' enum defined above."
          ],
          "enum": [
            "SUBSCRIBER_TYPE_UNSPECIFIED",
            "ONLINE",
            "OFFLINE",
            "CEP_TRIAL"
          ]
        },
        "createTime": {
          "description": "Output only. Create time of the subscription.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "name": {
          "type": "string",
          "description": "Identifier. Unique resource name of the Subscription. The name is ignored when creating a subscription."
        },
        "endTime": {
          "format": "google-datetime",
          "description": "Optional. End time of the subscription.",
          "type": "string"
        },
        "billingAccount": {
          "type": "string",
          "description": "Optional. Name of the billing account in the format. e.g. billingAccounts/123456-123456-123456 Required if Subscription is of Paid type."
        },
        "state": {
          "description": "Output only. The current state of the subscription.",
          "readOnly": true,
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Represents an active subscription.",
            "Represents an upcomming subscription.",
            "Represents a completed subscription."
          ],
          "enum": [
            "STATE_UNSPECIFIED",
            "ACTIVE",
            "INACTIVE",
            "COMPLETED"
          ]
        },
        "seatCount": {
          "type": "string",
          "description": "Optional. Number of seats in the subscription.",
          "format": "int64"
        }
      },
      "description": "A BeyondCorp Subscription resource represents BeyondCorp Enterprise Subscription. BeyondCorp Enterprise Subscription enables BeyondCorp Enterprise permium features for an organization.",
      "type": "object"
    },
    "ConnectorInstanceConfig": {
      "type": "object",
      "id": "ConnectorInstanceConfig",
      "properties": {
        "imageConfig": {
          "description": "ImageConfig defines the GCR images to run for the remote agent's control plane.",
          "$ref": "ImageConfig"
        },
        "sequenceNumber": {
          "format": "int64",
          "description": "Required. A monotonically increasing number generated and maintained by the API provider. Every time a config changes in the backend, the sequenceNumber should be bumped up to reflect the change.",
          "type": "string"
        },
        "instanceConfig": {
          "description": "The SLM instance agent configuration.",
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          }
        },
        "notificationConfig": {
          "$ref": "NotificationConfig",
          "description": "NotificationConfig defines the notification mechanism that the remote instance should subscribe to in order to receive notification."
        }
      },
      "description": "ConnectorInstanceConfig defines the instance config of a connector."
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaCustomGrouping": {
      "type": "object",
      "description": "Customised grouping option that allows setting the group_by fields and also the filters togather for a configured insight request.",
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaCustomGrouping",
      "properties": {
        "groupFields": {
          "type": "array",
          "description": "Required. Fields to be used for grouping. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for declaring the fields to be grouped-by here.",
          "items": {
            "type": "string"
          }
        },
        "fieldFilter": {
          "type": "string",
          "description": "Optional. Filterable parameters to be added to the grouping clause. Available fields could be fetched by calling insight list and get APIs in `BASIC` view. `=` is the only comparison operator supported. `AND` is the only logical operator supported. Usage: field_filter=\"fieldName1=fieldVal1 AND fieldName2=fieldVal2\". NOTE: Only `AND` conditions are allowed. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for the filtering the corresponding fields in this filter field. (These expressions are based on the filter language described at https://google.aip.dev/160)."
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaAppliedConfig": {
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaAppliedConfig",
      "properties": {
        "endTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. Ending time for the duration for which insight was pulled.",
          "readOnly": true
        },
        "group": {
          "type": "string",
          "description": "Output only. Group id of the grouping applied.",
          "readOnly": true
        },
        "aggregation": {
          "description": "Output only. Aggregation type applied.",
          "readOnly": true,
          "enum": [
            "AGGREGATION_UNSPECIFIED",
            "HOURLY",
            "DAILY",
            "WEEKLY",
            "MONTHLY",
            "CUSTOM_DATE_RANGE"
          ],
          "type": "string",
          "enumDescriptions": [
            "Unspecified.",
            "Insight should be aggregated at hourly level.",
            "Insight should be aggregated at daily level.",
            "Insight should be aggregated at weekly level.",
            "Insight should be aggregated at monthly level.",
            "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
          ]
        },
        "startTime": {
          "format": "google-datetime",
          "description": "Output only. Starting time for the duration for which insight was pulled.",
          "readOnly": true,
          "type": "string"
        },
        "customGrouping": {
          "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaCustomGrouping",
          "description": "Output only. Customised grouping applied.",
          "readOnly": true
        },
        "fieldFilter": {
          "description": "Output only. Filters applied.",
          "readOnly": true,
          "type": "string"
        }
      },
      "description": "The configuration that was applied to generate the result.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponseAppConnectionDetails": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponseAppConnectionDetails",
      "properties": {
        "appConnection": {
          "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection",
          "description": "A BeyondCorp AppConnection in the project."
        },
        "recentMigVms": {
          "description": "If type=GCP_REGIONAL_MIG, contains most recent VM instances, like `https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone_id}/instances/{instance_id}`.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "description": "Details of the AppConnection."
    },
    "Tunnelv1ProtoTunnelerInfo": {
      "type": "object",
      "id": "Tunnelv1ProtoTunnelerInfo",
      "properties": {
        "totalRetryCount": {
          "type": "integer",
          "format": "uint32",
          "description": "total_retry_count stores the total number of times the tunneler has been retried by tunManager."
        },
        "backoffRetryCount": {
          "description": "backoff_retry_count stores the number of times the tunneler has been retried by tunManager for current backoff sequence. Gets reset to 0 if time difference between 2 consecutive retries exceeds backoffRetryResetTime.",
          "format": "uint32",
          "type": "integer"
        },
        "latestRetryTime": {
          "format": "google-datetime",
          "description": "latest_retry_time stores the time when the tunneler was last restarted.",
          "type": "string"
        },
        "id": {
          "type": "string",
          "description": "id is the unique id of a tunneler."
        },
        "latestErr": {
          "description": "latest_err stores the Error for the latest tunneler failure. Gets reset everytime the tunneler is retried by tunManager.",
          "$ref": "Tunnelv1ProtoTunnelerError"
        }
      },
      "description": "TunnelerInfo contains metadata about tunneler launched by connection manager."
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaImageConfig": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaImageConfig",
      "properties": {
        "targetImage": {
          "description": "The initial image the remote agent will attempt to run for the control plane. Format would be a gcr image path, e.g.: gcr.io/PROJECT-ID/my-image:tag1",
          "type": "string"
        },
        "stableImage": {
          "type": "string",
          "description": "The stable image that the remote agent will fallback to if the target image fails. Format would be a gcr image path, e.g.: gcr.io/PROJECT-ID/my-image:tag1"
        }
      },
      "description": "ImageConfig defines the control plane images to run.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaInternetGateway": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaInternetGateway",
      "properties": {
        "assignedIps": {
          "items": {
            "type": "string"
          },
          "description": "Output only. List of IP addresses assigned to the Cloud NAT.",
          "readOnly": true,
          "type": "array"
        }
      },
      "description": "Represents the Internet Gateway configuration."
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListApplicationsResponse": {
      "type": "object",
      "description": "Message for response to listing Applications.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListApplicationsResponse",
      "properties": {
        "applications": {
          "type": "array",
          "items": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication"
          },
          "description": "A list of BeyondCorp Application in the project."
        },
        "unreachable": {
          "description": "A list of locations that could not be reached.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list."
        }
      }
    },
    "GoogleIamV1TestIamPermissionsRequest": {
      "description": "Request message for `TestIamPermissions` method.",
      "id": "GoogleIamV1TestIamPermissionsRequest",
      "properties": {
        "permissions": {
          "items": {
            "type": "string"
          },
          "description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
          "type": "array"
        }
      },
      "type": "object"
    },
    "AppGateway": {
      "type": "object",
      "id": "AppGateway",
      "properties": {
        "name": {
          "description": "Required. Unique resource name of the AppGateway. The name is ignored when creating an AppGateway.",
          "type": "string"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the AppGateway. Cannot exceed 64 characters."
        },
        "uid": {
          "type": "string",
          "description": "Output only. A unique identifier for the instance generated by the system.",
          "readOnly": true
        },
        "allocatedConnections": {
          "type": "array",
          "items": {
            "$ref": "AllocatedConnection"
          },
          "description": "Output only. A list of connections allocated for the Gateway",
          "readOnly": true
        },
        "labels": {
          "description": "Optional. Resource labels to represent user provided metadata.",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "createTime": {
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "state": {
          "description": "Output only. The current state of the AppGateway.",
          "readOnly": true,
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "AppGateway is being created.",
            "AppGateway has been created.",
            "AppGateway's configuration is being updated.",
            "AppGateway is being deleted.",
            "AppGateway is down and may be restored in the future. This happens when CCFE sends ProjectState = OFF."
          ],
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "CREATED",
            "UPDATING",
            "DELETING",
            "DOWN"
          ]
        },
        "satisfiesPzi": {
          "type": "boolean",
          "description": "Output only. Reserved for future use.",
          "readOnly": true
        },
        "updateTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "uri": {
          "type": "string",
          "description": "Output only. Server-defined URI for this resource.",
          "readOnly": true
        },
        "hostType": {
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "AppGateway hosted in a GCP regional managed instance group."
          ],
          "description": "Required. The type of hosting used by the AppGateway.",
          "enum": [
            "HOST_TYPE_UNSPECIFIED",
            "GCP_REGIONAL_MIG"
          ]
        },
        "satisfiesPzs": {
          "type": "boolean",
          "description": "Output only. Reserved for future use.",
          "readOnly": true
        },
        "type": {
          "description": "Required. The type of network connectivity used by the AppGateway.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "TCP_PROXY"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "TCP Proxy based BeyondCorp Connection. API will default to this if unset."
          ]
        }
      },
      "description": "A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway to a remote application. It creates all the necessary GCP components needed for creating a BeyondCorp protected AppGateway. Multiple connectors can be authorised for a single AppGateway."
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionGateway": {
      "description": "Gateway represents a user facing component that serves as an entrance to enable connectivity.",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionGateway",
      "properties": {
        "appGateway": {
          "description": "Required. AppGateway name in following format: `projects/{project_id}/locations/{location_id}/appgateways/{gateway_id}`",
          "type": "string"
        },
        "type": {
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Gateway hosted in a GCP regional managed instance group."
          ],
          "description": "Required. The type of hosting used by the gateway.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "GCP_REGIONAL_MIG"
          ]
        },
        "ingressPort": {
          "format": "int32",
          "description": "Output only. Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.",
          "readOnly": true,
          "type": "integer"
        },
        "uri": {
          "type": "string",
          "description": "Output only. Server-defined URI for this resource.",
          "readOnly": true
        },
        "l7psc": {
          "type": "string",
          "description": "Output only. L7 private service connection for this resource.",
          "readOnly": true
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaListAppConnectorsResponse": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaListAppConnectorsResponse",
      "properties": {
        "nextPageToken": {
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list.",
          "type": "string"
        },
        "appConnectors": {
          "type": "array",
          "description": "A list of BeyondCorp AppConnectors in the project.",
          "items": {
            "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector"
          }
        },
        "unreachable": {
          "description": "A list of locations that could not be reached.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      },
      "description": "Response message for BeyondCorp.ListAppConnectors.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfigCloudPubSubNotificationConfig": {
      "type": "object",
      "description": "The configuration for Pub/Sub messaging for the AppConnector.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfigCloudPubSubNotificationConfig",
      "properties": {
        "pubsubSubscription": {
          "type": "string",
          "description": "The Pub/Sub subscription the AppConnector uses to receive notifications."
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectionsV1AppConnectionOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpAppconnectionsV1AppConnectionOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        },
        "endTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "type": "string"
        },
        "verb": {
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true,
          "type": "string"
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfig": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfig",
      "properties": {
        "pubsubNotification": {
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfigCloudPubSubNotificationConfig",
          "description": "Cloud Pub/Sub Configuration to receive notifications."
        }
      },
      "description": "NotificationConfig defines the mechanisms to notify instance agent.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway",
      "properties": {
        "delegatingServiceAccount": {
          "description": "Output only. Service account used for operations that involve resources in consumer projects.",
          "readOnly": true,
          "type": "string"
        },
        "updateTime": {
          "format": "google-datetime",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "type": "string"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the SecurityGateway. Cannot exceed 64 characters."
        },
        "proxyProtocolConfig": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaProxyProtocolConfig",
          "description": "Optional. Shared proxy configuration for all apps."
        },
        "createTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "name": {
          "description": "Identifier. Name of the resource.",
          "type": "string"
        },
        "hubs": {
          "description": "Optional. Map of Hubs that represents regional data path deployment with GCP region as a key.",
          "type": "object",
          "additionalProperties": {
            "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaHub"
          }
        },
        "state": {
          "description": "Output only. The operational state of the SecurityGateway.",
          "readOnly": true,
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "UPDATING",
            "DELETING",
            "RUNNING",
            "DOWN",
            "ERROR"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "SecurityGateway is being created.",
            "SecurityGateway is being updated.",
            "SecurityGateway is being deleted.",
            "SecurityGateway is running.",
            "SecurityGateway is down and may be restored in the future.",
            "SecurityGateway encountered an error and is in an indeterministic state."
          ]
        },
        "serviceDiscovery": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscovery",
          "description": "Optional. Settings related to the Service Discovery."
        },
        "logging": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaLoggingConfig",
          "description": "Optional. Configuration for Cloud Logging. If this field is present, the logging will be enabled."
        },
        "externalIps": {
          "type": "array",
          "description": "Output only. IP addresses that will be used for establishing connection to the endpoints.",
          "readOnly": true,
          "items": {
            "type": "string"
          }
        }
      },
      "description": "The information about a security gateway resource.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGatewayOperationDescriptor": {
      "type": "object",
      "description": "API operation descriptor.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGatewayOperationDescriptor",
      "properties": {
        "path": {
          "type": "string",
          "description": "Optional. Contains the URI path fragment where HTTP request is sent."
        }
      }
    },
    "CloudSecurityZerotrustApplinkAppConnectorProtoConnectorDetails": {
      "description": "ConnectorDetails reflects the details of a connector.",
      "id": "CloudSecurityZerotrustApplinkAppConnectorProtoConnectorDetails",
      "properties": {},
      "type": "object"
    },
    "Connection": {
      "type": "object",
      "description": "A BeyondCorp Connection resource represents a BeyondCorp protected connection to a remote application. It creates all the necessary GCP components needed for creating a BeyondCorp protected connection. Multiple connectors can be authorised for a single Connection.",
      "id": "Connection",
      "properties": {
        "updateTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "uid": {
          "description": "Output only. A unique identifier for the instance generated by the system.",
          "readOnly": true,
          "type": "string"
        },
        "type": {
          "description": "Required. The type of network connectivity used by the connection.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "TCP_PROXY"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "TCP Proxy based BeyondCorp Connection. API will default to this if unset."
          ]
        },
        "gateway": {
          "description": "Optional. Gateway used by the connection.",
          "$ref": "Gateway"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the connection. Cannot exceed 64 characters."
        },
        "applicationEndpoint": {
          "$ref": "ApplicationEndpoint",
          "description": "Required. Address of the remote application endpoint for the BeyondCorp Connection."
        },
        "state": {
          "description": "Output only. The current state of the connection.",
          "readOnly": true,
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "CREATED",
            "UPDATING",
            "DELETING",
            "DOWN"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "Connection is being created.",
            "Connection has been created.",
            "Connection's configuration is being updated.",
            "Connection is being deleted.",
            "Connection is down and may be restored in the future. This happens when CCFE sends ProjectState = OFF."
          ]
        },
        "name": {
          "description": "Required. Unique resource name of the connection. The name is ignored when creating a connection.",
          "type": "string"
        },
        "labels": {
          "description": "Optional. Resource labels to represent user provided metadata.",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "createTime": {
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "connectors": {
          "description": "Optional. List of [google.cloud.beyondcorp.v1main.Connector.name] that are authorised to be associated with this Connection.",
          "items": {
            "type": "string"
          },
          "type": "array"
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRow": {
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRow",
      "properties": {
        "fieldValues": {
          "type": "array",
          "description": "Output only. Columns/entries/key-vals in the result.",
          "readOnly": true,
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaRowFieldVal"
          }
        }
      },
      "description": "Row of the fetch response consisting of a set of entries.",
      "type": "object"
    },
    "Empty": {
      "type": "object",
      "id": "Empty",
      "properties": {},
      "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }"
    },
    "GoogleIamV1TestIamPermissionsResponse": {
      "description": "Response message for `TestIamPermissions` method.",
      "id": "GoogleIamV1TestIamPermissionsResponse",
      "properties": {
        "permissions": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "A subset of `TestPermissionsRequest.permissions` that the caller is allowed."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaContainerHealthDetails": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaContainerHealthDetails",
      "properties": {
        "extendedStatus": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          },
          "description": "The extended status. Such as ExitCode, StartedAt, FinishedAt, etc."
        },
        "expectedConfigVersion": {
          "type": "string",
          "description": "The version of the expected config."
        },
        "currentConfigVersion": {
          "type": "string",
          "description": "The version of the current config."
        },
        "errorMsg": {
          "type": "string",
          "description": "The latest error message."
        }
      },
      "description": "ContainerHealthDetails reflects the health details of a container.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponse": {
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponse",
      "properties": {
        "appConnectionDetails": {
          "type": "array",
          "description": "A list of BeyondCorp AppConnections with details in the project.",
          "items": {
            "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponseAppConnectionDetails"
          }
        },
        "unreachable": {
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached.",
          "type": "array"
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list."
        }
      },
      "description": "Response message for BeyondCorp.ResolveAppConnections.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaReportStatusRequest": {
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaReportStatusRequest",
      "properties": {
        "requestId": {
          "type": "string",
          "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
        },
        "validateOnly": {
          "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
          "type": "boolean"
        },
        "resourceInfo": {
          "description": "Required. Resource info of the connector.",
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaResourceInfo"
        }
      },
      "description": "Request report the connector status.",
      "type": "object"
    },
    "CloudSecurityZerotrustApplinkAppConnectorProtoConnectionConfig": {
      "description": "ConnectionConfig represents a Connection Configuration object.",
      "id": "CloudSecurityZerotrustApplinkAppConnectorProtoConnectionConfig",
      "properties": {
        "applicationEndpoint": {
          "description": "application_endpoint is the endpoint of the application the form of host:port. For example, \"localhost:80\".",
          "type": "string"
        },
        "tunnelsPerGateway": {
          "type": "integer",
          "description": "tunnels_per_gateway reflects the number of tunnels between a connector and a gateway.",
          "format": "uint32"
        },
        "gateway": {
          "type": "array",
          "items": {
            "$ref": "CloudSecurityZerotrustApplinkAppConnectorProtoGateway"
          },
          "description": "gateway lists all instances running a gateway in GCP. They all connect to a connector on the host."
        },
        "project": {
          "type": "string",
          "description": "project represents the consumer project the connection belongs to."
        },
        "applicationName": {
          "type": "string",
          "description": "application_name represents the given name of the application the connection is connecting with."
        },
        "userPort": {
          "type": "integer",
          "format": "int32",
          "description": "user_port specifies the reserved port on gateways for user connections."
        },
        "name": {
          "description": "name is the unique ID for each connection. TODO(b/190732451) returns connection name from user-specified name in config. Now, name = ${application_name}:${application_endpoint}",
          "type": "string"
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorOperationMetadata": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        },
        "endTime": {
          "type": "string",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "description": "Output only. API version used to start the operation.",
          "readOnly": true,
          "type": "string"
        },
        "createTime": {
          "format": "google-datetime",
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "type": "string"
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        }
      },
      "description": "Represents the metadata of the long-running operation."
    },
    "GoogleCloudBeyondcorpAppgatewaysV1AppGatewayOperationMetadata": {
      "type": "object",
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpAppgatewaysV1AppGatewayOperationMetadata",
      "properties": {
        "createTime": {
          "description": "Output only. The time the operation was created.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        },
        "endTime": {
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "verb": {
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true,
          "type": "string"
        },
        "statusMessage": {
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true,
          "type": "string"
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        }
      }
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaLoggingConfig": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaLoggingConfig",
      "properties": {},
      "description": "Configuration for Cloud Logging.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaListInsightsResponse": {
      "type": "object",
      "description": "The response for the list of insights.",
      "id": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaListInsightsResponse",
      "properties": {
        "insights": {
          "description": "Output only. List of all insights.",
          "readOnly": true,
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsight"
          },
          "type": "array"
        },
        "nextPageToken": {
          "description": "Output only. Next page token to be fetched. Set to empty or NULL if there are no more pages available.",
          "readOnly": true,
          "type": "string"
        }
      }
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstream": {
      "description": "Which upstream resource to forward traffic to.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstream",
      "properties": {
        "egressPolicy": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaEgressPolicy",
          "description": "Optional. Routing policy information."
        },
        "network": {
          "description": "Network to forward traffic to.",
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamNetwork"
        },
        "external": {
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamExternal",
          "description": "List of the external endpoints to forward traffic to."
        },
        "proxyProtocol": {
          "description": "Optional. Enables proxy protocol configuration for the upstream.",
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaProxyProtocolConfig"
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaListSubscriptionsResponse": {
      "description": "Response message for BeyondCorp.ListSubscriptions.",
      "id": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaListSubscriptionsResponse",
      "properties": {
        "subscriptions": {
          "type": "array",
          "items": {
            "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
          },
          "description": "A list of BeyondCorp Subscriptions in the organization."
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpPartnerservicesV1mainPartnerServiceOperationMetadata": {
      "type": "object",
      "deprecated": true,
      "description": "Represents the metadata of the long-running operation.",
      "id": "GoogleCloudBeyondcorpPartnerservicesV1mainPartnerServiceOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "description": "Output only. Identifies whether the caller has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true,
          "type": "boolean"
        },
        "endTime": {
          "description": "Output only. The time the operation finished running.",
          "readOnly": true,
          "format": "google-datetime",
          "type": "string"
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time the operation was created.",
          "readOnly": true
        },
        "target": {
          "type": "string",
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true
        }
      }
    },
    "GoogleIamV1Binding": {
      "type": "object",
      "description": "Associates `members`, or principals, with a `role`.",
      "id": "GoogleIamV1Binding",
      "properties": {
        "condition": {
          "$ref": "GoogleTypeExpr",
          "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
        },
        "role": {
          "type": "string",
          "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles)."
        },
        "members": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`."
        }
      }
    },
    "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaCancelSubscriptionResponse": {
      "type": "object",
      "description": "Response message for BeyondCorp.CancelSubscription",
      "id": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaCancelSubscriptionResponse",
      "properties": {
        "effectiveCancellationTime": {
          "description": "Time when the cancellation will become effective",
          "format": "google-datetime",
          "type": "string"
        }
      }
    },
    "ListConnectorsResponse": {
      "id": "ListConnectorsResponse",
      "properties": {
        "connectors": {
          "items": {
            "$ref": "Connector"
          },
          "description": "A list of BeyondCorp Connectors in the project.",
          "type": "array"
        },
        "unreachable": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "A list of locations that could not be reached."
        },
        "nextPageToken": {
          "type": "string",
          "description": "A token to retrieve the next page of results, or empty if there are no more results in the list."
        }
      },
      "description": "Response message for BeyondCorp.ListConnectors.",
      "type": "object"
    },
    "ResourceInfo": {
      "type": "object",
      "description": "ResourceInfo represents the information/status of the associated resource.",
      "id": "ResourceInfo",
      "properties": {
        "sub": {
          "description": "List of Info for the sub level resources.",
          "items": {
            "$ref": "ResourceInfo"
          },
          "type": "array"
        },
        "resource": {
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          },
          "description": "Specific details for the resource."
        },
        "time": {
          "description": "The timestamp to collect the info. It is suggested to be set by the topmost level resource only.",
          "format": "google-datetime",
          "type": "string"
        },
        "id": {
          "description": "Required. Unique Id for the resource.",
          "type": "string"
        },
        "status": {
          "type": "string",
          "enumDescriptions": [
            "Health status is unknown: not initialized or failed to retrieve.",
            "The resource is healthy.",
            "The resource is unhealthy.",
            "The resource is unresponsive.",
            "Some sub-resources are UNHEALTHY."
          ],
          "description": "Overall health status. Overall status is derived based on the status of each sub level resources.",
          "enum": [
            "HEALTH_STATUS_UNSPECIFIED",
            "HEALTHY",
            "UNHEALTHY",
            "UNRESPONSIVE",
            "DEGRADED"
          ]
        }
      }
    },
    "CloudSecurityZerotrustApplinkLogagentProtoLogAgentDetails": {
      "type": "object",
      "id": "CloudSecurityZerotrustApplinkLogagentProtoLogAgentDetails",
      "properties": {},
      "description": "LogAgentDetails reflects the details of a log agent."
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorInstanceConfig": {
      "description": "AppConnectorInstanceConfig defines the instance config of a AppConnector.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorInstanceConfig",
      "properties": {
        "sequenceNumber": {
          "type": "string",
          "format": "int64",
          "description": "Required. A monotonically increasing number generated and maintained by the API provider. Every time a config changes in the backend, the sequenceNumber should be bumped up to reflect the change."
        },
        "instanceConfig": {
          "description": "The SLM instance agent configuration.",
          "type": "object",
          "additionalProperties": {
            "type": "any",
            "description": "Properties of the object. Contains field @type with type URL."
          }
        },
        "notificationConfig": {
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaNotificationConfig",
          "description": "NotificationConfig defines the notification mechanism that the remote instance should subscribe to in order to receive notification."
        },
        "imageConfig": {
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaImageConfig",
          "description": "ImageConfig defines the GCR images to run for the remote agent's control plane."
        }
      },
      "type": "object"
    },
    "Tunnelv1ProtoTunnelerError": {
      "id": "Tunnelv1ProtoTunnelerError",
      "properties": {
        "retryable": {
          "description": "retryable isn't used for now, but we may want to reuse it in the future.",
          "type": "boolean"
        },
        "err": {
          "type": "string",
          "description": "Original raw error"
        }
      },
      "description": "TunnelerError is an error proto for errors returned by the connection manager.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection": {
      "id": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection",
      "properties": {
        "connectors": {
          "type": "array",
          "items": {
            "type": "string"
          },
          "description": "Optional. List of [google.cloud.beyondcorp.v1main.Connector.name] that are authorized to be associated with this AppConnection."
        },
        "name": {
          "description": "Required. Unique resource name of the AppConnection. The name is ignored when creating a AppConnection.",
          "type": "string"
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the AppConnection. Cannot exceed 64 characters."
        },
        "applicationEndpoint": {
          "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionApplicationEndpoint",
          "description": "Required. Address of the remote application endpoint for the BeyondCorp AppConnection."
        },
        "uid": {
          "type": "string",
          "description": "Output only. A unique identifier for the instance generated by the system.",
          "readOnly": true
        },
        "labels": {
          "description": "Optional. Resource labels to represent user provided metadata.",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "createTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true
        },
        "state": {
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "CREATED",
            "UPDATING",
            "DELETING",
            "DOWN"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "AppConnection is being created.",
            "AppConnection has been created.",
            "AppConnection's configuration is being updated.",
            "AppConnection is being deleted.",
            "AppConnection is down and may be restored in the future. This happens when CCFE sends ProjectState = OFF."
          ],
          "description": "Output only. The current state of the AppConnection.",
          "readOnly": true
        },
        "satisfiesPzi": {
          "description": "Output only. Reserved for future use.",
          "readOnly": true,
          "type": "boolean"
        },
        "satisfiesPzs": {
          "type": "boolean",
          "description": "Output only. Reserved for future use.",
          "readOnly": true
        },
        "type": {
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "TCP Proxy based BeyondCorp AppConnection. API will default to this if unset."
          ],
          "description": "Required. The type of network connectivity used by the AppConnection.",
          "enum": [
            "TYPE_UNSPECIFIED",
            "TCP_PROXY"
          ]
        },
        "gateway": {
          "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnectionGateway",
          "description": "Optional. Gateway used by the AppConnection."
        },
        "updateTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "format": "google-datetime"
        }
      },
      "description": "A BeyondCorp AppConnection resource represents a BeyondCorp protected AppConnection to a remote application. It creates all the necessary GCP components needed for creating a BeyondCorp protected AppConnection. Multiple connectors can be authorized for a single AppConnection.",
      "type": "object"
    },
    "GoogleRpcStatus": {
      "type": "object",
      "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
      "id": "GoogleRpcStatus",
      "properties": {
        "code": {
          "description": "The status code, which should be an enum value of google.rpc.Code.",
          "format": "int32",
          "type": "integer"
        },
        "message": {
          "type": "string",
          "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client."
        },
        "details": {
          "type": "array",
          "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.",
          "items": {
            "type": "object",
            "additionalProperties": {
              "type": "any",
              "description": "Properties of the object. Contains field @type with type URL."
            }
          }
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector": {
      "description": "A BeyondCorp connector resource that represents an application facing component deployed proximal to and with direct access to the application instances. It is used to establish connectivity between the remote enterprise environment and GCP. It initiates connections to the applications and can proxy the data from users over the connection.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector",
      "properties": {
        "uid": {
          "type": "string",
          "description": "Output only. A unique identifier for the instance generated by the system.",
          "readOnly": true
        },
        "resourceInfo": {
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaResourceInfo",
          "description": "Optional. Resource info of the connector."
        },
        "displayName": {
          "type": "string",
          "description": "Optional. An arbitrary user-provided name for the AppConnector. Cannot exceed 64 characters."
        },
        "updateTime": {
          "type": "string",
          "description": "Output only. Timestamp when the resource was last modified.",
          "readOnly": true,
          "format": "google-datetime"
        },
        "state": {
          "description": "Output only. The current state of the AppConnector.",
          "readOnly": true,
          "enum": [
            "STATE_UNSPECIFIED",
            "CREATING",
            "CREATED",
            "UPDATING",
            "DELETING",
            "DOWN"
          ],
          "type": "string",
          "enumDescriptions": [
            "Default value. This value is unused.",
            "AppConnector is being created.",
            "AppConnector has been created.",
            "AppConnector's configuration is being updated.",
            "AppConnector is being deleted.",
            "AppConnector is down and may be restored in the future. This happens when CCFE sends ProjectState = OFF."
          ]
        },
        "createTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. Timestamp when the resource was created.",
          "readOnly": true
        },
        "principalInfo": {
          "description": "Required. Principal information about the Identity of the AppConnector.",
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfo"
        },
        "name": {
          "description": "Required. Unique resource name of the AppConnector. The name is ignored when creating a AppConnector.",
          "type": "string"
        },
        "labels": {
          "description": "Optional. Resource labels to represent user provided metadata.",
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaHub": {
      "description": "The Hub message contains information pertaining to the regional data path deployments.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaHub",
      "properties": {
        "internetGateway": {
          "description": "Optional. Internet Gateway configuration.",
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaInternetGateway"
        }
      },
      "type": "object"
    },
    "NotificationConfig": {
      "description": "NotificationConfig defines the mechanisms to notify instance agent.",
      "id": "NotificationConfig",
      "properties": {
        "pubsubNotification": {
          "$ref": "CloudPubSubNotificationConfig",
          "description": "Pub/Sub topic for Connector to subscribe and receive notifications from `projects/{project}/topics/{pubsub_topic}`"
        }
      },
      "type": "object"
    },
    "AllocatedConnection": {
      "type": "object",
      "description": "Allocated connection of the AppGateway.",
      "id": "AllocatedConnection",
      "properties": {
        "ingressPort": {
          "type": "integer",
          "format": "int32",
          "description": "Required. The ingress port of an allocated connection"
        },
        "pscUri": {
          "type": "string",
          "description": "Required. The PSC uri of an allocated connection"
        }
      }
    },
    "GoogleTypeExpr": {
      "id": "GoogleTypeExpr",
      "properties": {
        "title": {
          "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.",
          "type": "string"
        },
        "location": {
          "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
          "type": "string"
        },
        "expression": {
          "type": "string",
          "description": "Textual representation of an expression in Common Expression Language syntax."
        },
        "description": {
          "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
          "type": "string"
        }
      },
      "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamNetwork": {
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplicationUpstreamNetwork",
      "properties": {
        "name": {
          "description": "Required. Network name is of the format: `projects/{project}/global/networks/{network}",
          "type": "string"
        }
      },
      "description": "Network to forward traffic to.",
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedDeviceInfo": {
      "type": "object",
      "description": "The delegated device information configuration.",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedDeviceInfo",
      "properties": {
        "outputType": {
          "description": "Optional. The output type details for the delegated device.",
          "enum": [
            "OUTPUT_TYPE_UNSPECIFIED",
            "PROTOBUF",
            "JSON",
            "NONE"
          ],
          "type": "string",
          "enumDescriptions": [
            "The unspecified output type.",
            "Protobuf output type.",
            "JSON output type.",
            "Explicitly disable header output."
          ]
        }
      }
    },
    "CloudPubSubNotificationConfig": {
      "type": "object",
      "id": "CloudPubSubNotificationConfig",
      "properties": {
        "pubsubSubscription": {
          "type": "string",
          "description": "The Pub/Sub subscription the connector uses to receive notifications."
        }
      },
      "description": "The configuration for Pub/Sub messaging for the connector."
    },
    "ContainerHealthDetails": {
      "type": "object",
      "id": "ContainerHealthDetails",
      "properties": {
        "extendedStatus": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          },
          "description": "The extended status. Such as ExitCode, StartedAt, FinishedAt, etc."
        },
        "expectedConfigVersion": {
          "type": "string",
          "description": "The version of the expected config."
        },
        "currentConfigVersion": {
          "description": "The version of the current config.",
          "type": "string"
        },
        "errorMsg": {
          "type": "string",
          "description": "The latest error message."
        }
      },
      "description": "ContainerHealthDetails reflects the health details of a container."
    },
    "GoogleIamV1AuditLogConfig": {
      "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
      "id": "GoogleIamV1AuditLogConfig",
      "properties": {
        "exemptedMembers": {
          "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "logType": {
          "type": "string",
          "enumDescriptions": [
            "Default case. Should never be this.",
            "Admin reads. Example: CloudIAM getIamPolicy",
            "Data writes. Example: CloudSQL Users create",
            "Data reads. Example: CloudSQL Users list"
          ],
          "description": "The log type that this config enables.",
          "enum": [
            "LOG_TYPE_UNSPECIFIED",
            "ADMIN_READ",
            "DATA_WRITE",
            "DATA_READ"
          ]
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGateway": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGateway",
      "properties": {
        "resourceOverride": {
          "description": "Optional. Enables fetching resource model updates to alter service behavior per Chrome profile.",
          "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaServiceDiscoveryApiGatewayOperationDescriptor"
        }
      },
      "description": "If Service Discovery is done through API, defines its settings."
    },
    "GoogleCloudBeyondcorpPartnerservicesV1alphaPartnerServiceOperationMetadata": {
      "id": "GoogleCloudBeyondcorpPartnerservicesV1alphaPartnerServiceOperationMetadata",
      "properties": {
        "requestedCancellation": {
          "type": "boolean",
          "description": "Output only. Identifies whether the caller has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.",
          "readOnly": true
        },
        "endTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time the operation finished running.",
          "readOnly": true
        },
        "verb": {
          "type": "string",
          "description": "Output only. Name of the verb executed by the operation.",
          "readOnly": true
        },
        "statusMessage": {
          "type": "string",
          "description": "Output only. Human-readable status of the operation, if any.",
          "readOnly": true
        },
        "apiVersion": {
          "type": "string",
          "description": "Output only. API version used to start the operation.",
          "readOnly": true
        },
        "createTime": {
          "type": "string",
          "format": "google-datetime",
          "description": "Output only. The time the operation was created.",
          "readOnly": true
        },
        "target": {
          "description": "Output only. Server-defined resource path for the target of the operation.",
          "readOnly": true,
          "type": "string"
        }
      },
      "description": "Represents the metadata of the long-running operation.",
      "deprecated": true,
      "type": "object"
    },
    "GoogleCloudLocationListLocationsResponse": {
      "description": "The response message for Locations.ListLocations.",
      "id": "GoogleCloudLocationListLocationsResponse",
      "properties": {
        "locations": {
          "items": {
            "$ref": "GoogleCloudLocationLocation"
          },
          "description": "A list of locations that matches the specified filter in the request.",
          "type": "array"
        },
        "nextPageToken": {
          "type": "string",
          "description": "The standard List next-page token."
        }
      },
      "type": "object"
    },
    "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedGroupInfo": {
      "type": "object",
      "id": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaContextualHeadersDelegatedGroupInfo",
      "properties": {
        "outputType": {
          "description": "Optional. The output type of the delegated group information.",
          "enum": [
            "OUTPUT_TYPE_UNSPECIFIED",
            "PROTOBUF",
            "JSON",
            "NONE"
          ],
          "type": "string",
          "enumDescriptions": [
            "The unspecified output type.",
            "Protobuf output type.",
            "JSON output type.",
            "Explicitly disable header output."
          ]
        }
      },
      "description": "The delegated group configuration details."
    },
    "ServiceAccount": {
      "type": "object",
      "description": "ServiceAccount represents a GCP service account.",
      "id": "ServiceAccount",
      "properties": {
        "email": {
          "type": "string",
          "description": "Email address of the service account."
        }
      }
    },
    "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfo": {
      "description": "PrincipalInfo represents an Identity oneof.",
      "id": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfo",
      "properties": {
        "serviceAccount": {
          "description": "A GCP service account.",
          "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnectorPrincipalInfoServiceAccount"
        }
      },
      "type": "object"
    },
    "ReportStatusRequest": {
      "id": "ReportStatusRequest",
      "properties": {
        "resourceInfo": {
          "description": "Required. Resource info of the connector.",
          "$ref": "ResourceInfo"
        },
        "requestId": {
          "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
          "type": "string"
        },
        "validateOnly": {
          "type": "boolean",
          "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
        }
      },
      "description": "Request report the connector status.",
      "type": "object"
    }
  },
  "ownerName": "Google",
  "revision": "20260429",
  "batchPath": "batch",
  "baseUrl": "https://beyondcorp.googleapis.com/",
  "basePath": "",
  "icons": {
    "x32": "http://www.google.com/images/icons/product/search-32.gif",
    "x16": "http://www.google.com/images/icons/product/search-16.gif"
  },
  "protocol": "rest",
  "id": "beyondcorp:v1alpha",
  "resources": {
    "projects": {
      "resources": {
        "locations": {
          "methods": {
            "list": {
              "httpMethod": "GET",
              "path": "v1alpha/{+name}/locations",
              "parameterOrder": [
                "name"
              ],
              "id": "beyondcorp.projects.locations.list",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "description": "Lists information about the supported locations for this service. This method lists locations based on the resource scope provided in the ListLocationsRequest.name field: * **Global locations**: If `name` is empty, the method lists the public locations available to all projects. * **Project-specific locations**: If `name` follows the format `projects/{project}`, the method lists locations visible to that specific project. This includes public, private, or other project-specific locations enabled for the project. For gRPC and client library implementations, the resource name is passed as the `name` field. For direct service calls, the resource name is incorporated into the request path based on the specific service implementation and version.",
              "flatPath": "v1alpha/projects/{projectsId}/locations",
              "response": {
                "$ref": "GoogleCloudLocationListLocationsResponse"
              },
              "parameters": {
                "name": {
                  "type": "string",
                  "description": "The resource that owns the locations collection, if applicable.",
                  "pattern": "^projects/[^/]+$",
                  "required": true,
                  "location": "path"
                },
                "filter": {
                  "description": "A filter to narrow down results to a preferred subset. The filtering language accepts strings like `\"displayName=tokyo\"`, and is documented in more detail in [AIP-160](https://google.aip.dev/160).",
                  "location": "query",
                  "type": "string"
                },
                "pageSize": {
                  "format": "int32",
                  "description": "The maximum number of results to return. If not set, the service selects a default.",
                  "location": "query",
                  "type": "integer"
                },
                "extraLocationTypes": {
                  "repeated": true,
                  "location": "query",
                  "type": "string",
                  "description": "Optional. Do not use this field unless explicitly documented otherwise. This is primarily for internal usage."
                },
                "pageToken": {
                  "location": "query",
                  "type": "string",
                  "description": "A page token received from the `next_page_token` field in the response. Send that page token to receive the subsequent page."
                }
              }
            },
            "get": {
              "httpMethod": "GET",
              "id": "beyondcorp.projects.locations.get",
              "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
              ],
              "description": "Gets information about a location.",
              "path": "v1alpha/{+name}",
              "parameterOrder": [
                "name"
              ],
              "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}",
              "response": {
                "$ref": "GoogleCloudLocationLocation"
              },
              "parameters": {
                "name": {
                  "type": "string",
                  "required": true,
                  "description": "Resource name for the location.",
                  "pattern": "^projects/[^/]+/locations/[^/]+$",
                  "location": "path"
                }
              }
            }
          },
          "resources": {
            "appGateways": {
              "methods": {
                "delete": {
                  "parameters": {
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "name": {
                      "location": "path",
                      "description": "Required. BeyondCorp AppGateway name using the form: `projects/{project_id}/locations/{location_id}/appGateways/{app_gateway_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appGateways/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways/{appGatewaysId}",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single AppGateway.",
                  "id": "beyondcorp.projects.locations.appGateways.delete",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "DELETE"
                },
                "testIamPermissions": {
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.appGateways.testIamPermissions",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "httpMethod": "POST",
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appGateways/[^/]+$",
                      "location": "path"
                    }
                  },
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways/{appGatewaysId}:testIamPermissions",
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  }
                },
                "list": {
                  "path": "v1alpha/{+parent}/appGateways",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists AppGateways in a given project and location.",
                  "id": "beyondcorp.projects.locations.appGateways.list",
                  "httpMethod": "GET",
                  "parameters": {
                    "parent": {
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of the AppGateway location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "type": "string"
                    },
                    "pageSize": {
                      "format": "int32",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "location": "query",
                      "type": "integer"
                    },
                    "filter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. A filter specifying constraints of a list operation."
                    },
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information."
                    },
                    "pageToken": {
                      "description": "Optional. The next_page_token value returned from a previous ListAppGatewaysRequest, if any.",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "ListAppGatewaysResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways"
                },
                "getIamPolicy": {
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "id": "beyondcorp.projects.locations.appGateways.getIamPolicy",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "GET",
                  "parameters": {
                    "options.requestedPolicyVersion": {
                      "location": "query",
                      "type": "integer",
                      "format": "int32",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
                    },
                    "resource": {
                      "type": "string",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appGateways/[^/]+$",
                      "location": "path"
                    }
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways/{appGatewaysId}:getIamPolicy"
                },
                "create": {
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new AppGateway in a given project and location.",
                  "id": "beyondcorp.projects.locations.appGateways.create",
                  "path": "v1alpha/{+parent}/appGateways",
                  "parameterOrder": [
                    "parent"
                  ],
                  "httpMethod": "POST",
                  "parameters": {
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource project name of the AppGateway location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$"
                    },
                    "appGatewayId": {
                      "description": "Optional. User-settable AppGateway resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or a letter.",
                      "location": "query",
                      "type": "string"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways",
                  "request": {
                    "$ref": "AppGateway"
                  }
                },
                "get": {
                  "parameters": {
                    "name": {
                      "type": "string",
                      "required": true,
                      "description": "Required. BeyondCorp AppGateway name using the form: `projects/{project_id}/locations/{location_id}/appGateways/{app_gateway_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appGateways/[^/]+$",
                      "location": "path"
                    }
                  },
                  "response": {
                    "$ref": "AppGateway"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways/{appGatewaysId}",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single AppGateway.",
                  "id": "beyondcorp.projects.locations.appGateways.get",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "GET"
                },
                "setIamPolicy": {
                  "httpMethod": "POST",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "id": "beyondcorp.projects.locations.appGateways.setIamPolicy",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appGateways/{appGatewaysId}:setIamPolicy",
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appGateways/[^/]+$"
                    }
                  }
                }
              }
            },
            "appConnections": {
              "methods": {
                "list": {
                  "path": "v1alpha/{+parent}/appConnections",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists AppConnections in a given project and location.",
                  "id": "beyondcorp.projects.locations.appConnections.list",
                  "httpMethod": "GET",
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "description": "Required. The resource name of the AppConnection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "required": true,
                      "location": "path"
                    },
                    "pageSize": {
                      "format": "int32",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "location": "query",
                      "type": "integer"
                    },
                    "filter": {
                      "description": "Optional. A filter specifying constraints of a list operation.",
                      "location": "query",
                      "type": "string"
                    },
                    "orderBy": {
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information.",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "description": "Optional. The next_page_token value returned from a previous ListAppConnectionsRequest, if any.",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaListAppConnectionsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections"
                },
                "testIamPermissions": {
                  "httpMethod": "POST",
                  "id": "beyondcorp.projects.locations.appConnections.testIamPermissions",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}:testIamPermissions",
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  },
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "parameters": {
                    "resource": {
                      "location": "path",
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  }
                },
                "setIamPolicy": {
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.appConnections.setIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "httpMethod": "POST",
                  "parameters": {
                    "resource": {
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "location": "path",
                      "type": "string"
                    }
                  },
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}:setIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  }
                },
                "getIamPolicy": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "id": "beyondcorp.projects.locations.appConnections.getIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}:getIamPolicy",
                  "parameters": {
                    "options.requestedPolicyVersion": {
                      "location": "query",
                      "type": "integer",
                      "format": "int32",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
                    },
                    "resource": {
                      "location": "path",
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  }
                },
                "delete": {
                  "parameters": {
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "name": {
                      "location": "path",
                      "required": true,
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/appConnections/{app_connection_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.projects.locations.appConnections.delete",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single AppConnection.",
                  "httpMethod": "DELETE"
                },
                "create": {
                  "httpMethod": "POST",
                  "path": "v1alpha/{+parent}/appConnections",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.projects.locations.appConnections.create",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new AppConnection in a given project and location.",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "parameters": {
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "parent": {
                      "required": true,
                      "description": "Required. The resource project name of the AppConnection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "location": "path",
                      "type": "string"
                    },
                    "appConnectionId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. User-settable AppConnection resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or a letter."
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    }
                  }
                },
                "resolve": {
                  "id": "beyondcorp.projects.locations.appConnections.resolve",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Resolves AppConnections details for a given AppConnector. An internal method called by a connector to find AppConnections to connect to.",
                  "path": "v1alpha/{+parent}/appConnections:resolve",
                  "parameterOrder": [
                    "parent"
                  ],
                  "httpMethod": "GET",
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "required": true,
                      "description": "Required. The resource name of the AppConnection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "location": "path"
                    },
                    "pageSize": {
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "format": "int32",
                      "location": "query",
                      "type": "integer"
                    },
                    "appConnectorId": {
                      "description": "Required. BeyondCorp Connector name of the connector associated with those AppConnections using the form: `projects/{project_id}/locations/{location_id}/appConnectors/{app_connector_id}`",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ResolveAppConnectionsResponse, if any."
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections:resolve",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaResolveAppConnectionsResponse"
                  }
                },
                "get": {
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}",
                  "parameters": {
                    "name": {
                      "location": "path",
                      "description": "Required. BeyondCorp AppConnection name using the form: `projects/{project_id}/locations/{location_id}/appConnections/{app_connection_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  },
                  "httpMethod": "GET",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single AppConnection.",
                  "id": "beyondcorp.projects.locations.appConnections.get",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "patch": {
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Updates the parameters of a single AppConnection.",
                  "id": "beyondcorp.projects.locations.appConnections.patch",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "PATCH",
                  "parameters": {
                    "name": {
                      "description": "Required. Unique resource name of the AppConnection. The name is ignored when creating a AppConnection.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnections/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    },
                    "updateMask": {
                      "description": "Required. Mask of fields to update. At least one path must be supplied in this field. The elements of the repeated paths field may only include these fields from [BeyondCorp.AppConnection]: * `labels` * `display_name` * `application_endpoint` * `connectors`",
                      "format": "google-fieldmask",
                      "location": "query",
                      "type": "string"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    },
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if the original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "allowMissing": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set as true, will create the resource if it is not found."
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnections/{appConnectionsId}",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectionsV1alphaAppConnection"
                  }
                }
              }
            },
            "insights": {
              "methods": {
                "list": {
                  "parameters": {
                    "parent": {
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of InsightMetadata using the form: `organizations/{organization_id}/locations/{location}` `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "type": "string"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. Requested page size. Server may return fewer items than requested. If unspecified, server will pick an appropriate default. NOTE: Default page size is 50.",
                      "format": "int32"
                    },
                    "filter": {
                      "description": "Optional. Filter expression to restrict the insights returned. Supported filter fields: * `type` * `category` * `subCategory` Examples: * \"category = application AND type = count\" * \"category = application AND subCategory = iap\" * \"type = status\" Allowed values: * type: [count, latency, status, list] * category: [application, device, request, security] * subCategory: [iap, caa, webprotect] NOTE: Only equality based comparison is allowed. Only `AND` conjunction is allowed. NOTE: The 'AND' in the filter field needs to be in capital letters only. NOTE: Just filtering on `subCategory` is not allowed. It should be passed in with the parent `category` too. (These expressions are based on the filter language described at https://google.aip.dev/160).",
                      "location": "query",
                      "type": "string"
                    },
                    "endTime": {
                      "location": "query",
                      "type": "string",
                      "format": "google-datetime",
                      "description": "Optional. Ending time for the duration for which insights are to be pulled. The default is the current time."
                    },
                    "aggregation": {
                      "description": "Optional. Aggregation type. The default is 'DAILY'.",
                      "location": "query",
                      "enum": [
                        "AGGREGATION_UNSPECIFIED",
                        "HOURLY",
                        "DAILY",
                        "WEEKLY",
                        "MONTHLY",
                        "CUSTOM_DATE_RANGE"
                      ],
                      "type": "string",
                      "enumDescriptions": [
                        "Unspecified.",
                        "Insight should be aggregated at hourly level.",
                        "Insight should be aggregated at daily level.",
                        "Insight should be aggregated at weekly level.",
                        "Insight should be aggregated at monthly level.",
                        "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
                      ]
                    },
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Hint for how to order the results. This is currently ignored."
                    },
                    "startTime": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Starting time for the duration for which insights are to be pulled. The default is 7 days before the current time.",
                      "format": "google-datetime"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. A token identifying a page of results the server should return."
                    },
                    "view": {
                      "type": "string",
                      "enumDescriptions": [
                        "The default / unset value. The API will default to the BASIC view.",
                        "Include basic metadata about the insight, but not the insight data. This is the default value (for both ListInsights and GetInsight).",
                        "Include everything."
                      ],
                      "enum": [
                        "INSIGHT_VIEW_UNSPECIFIED",
                        "BASIC",
                        "FULL"
                      ],
                      "location": "query",
                      "description": "Required. List only metadata or full data."
                    }
                  },
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaListInsightsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/insights",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists for all the available insights that could be fetched from the system. Allows to filter using category. Setting the `view` to `BASIC` will let you iterate over the list of insight metadatas.",
                  "id": "beyondcorp.projects.locations.insights.list",
                  "path": "v1alpha/{+parent}/insights",
                  "parameterOrder": [
                    "parent"
                  ],
                  "httpMethod": "GET"
                },
                "get": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.projects.locations.insights.get",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the value for a selected particular insight with default configuration. The default aggregation level is 'DAILY' and no grouping will be applied or default grouping if applicable. The data will be returned for recent 7 days starting the day before. The insight data size will be limited to 50 rows. Use the organization level path for fetching at org level and project level path for fetching the insight value specific to a particular project. Setting the `view` to `BASIC` will only return the metadata for the insight.",
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/insights/{insightsId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsight"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of the insight using the form: `organizations/{organization_id}/locations/{location_id}/insights/{insight_id}` `projects/{project_id}/locations/{location_id}/insights/{insight_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/insights/[^/]+$"
                    },
                    "view": {
                      "type": "string",
                      "enumDescriptions": [
                        "The default / unset value. The API will default to the BASIC view.",
                        "Include basic metadata about the insight, but not the insight data. This is the default value (for both ListInsights and GetInsight).",
                        "Include everything."
                      ],
                      "enum": [
                        "INSIGHT_VIEW_UNSPECIFIED",
                        "BASIC",
                        "FULL"
                      ],
                      "location": "query",
                      "description": "Required. Metadata only or full data view."
                    }
                  }
                },
                "configuredInsight": {
                  "httpMethod": "GET",
                  "id": "beyondcorp.projects.locations.insights.configuredInsight",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the value for a selected particular insight based on the provided filters. Use the organization level path for fetching at org level and project level path for fetching the insight value specific to a particular project.",
                  "path": "v1alpha/{+insight}:configuredInsight",
                  "parameterOrder": [
                    "insight"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/insights/{insightsId}:configuredInsight",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaConfiguredInsightResponse"
                  },
                  "parameters": {
                    "startTime": {
                      "description": "Required. Starting time for the duration for which insight is to be pulled.",
                      "format": "google-datetime",
                      "location": "query",
                      "type": "string"
                    },
                    "customGrouping.fieldFilter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Filterable parameters to be added to the grouping clause. Available fields could be fetched by calling insight list and get APIs in `BASIC` view. `=` is the only comparison operator supported. `AND` is the only logical operator supported. Usage: field_filter=\"fieldName1=fieldVal1 AND fieldName2=fieldVal2\". NOTE: Only `AND` conditions are allowed. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for the filtering the corresponding fields in this filter field. (These expressions are based on the filter language described at https://google.aip.dev/160)."
                    },
                    "pageToken": {
                      "description": "Optional. Used to fetch the page represented by the token. Fetches the first page when not set.",
                      "location": "query",
                      "type": "string"
                    },
                    "fieldFilter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Other filterable/configurable parameters as applicable to the selected insight. Available fields could be fetched by calling insight list and get APIs in `BASIC` view. `=` is the only comparison operator supported. `AND` is the only logical operator supported. Usage: field_filter=\"fieldName1=fieldVal1 AND fieldName2=fieldVal2\". NOTE: Only `AND` conditions are allowed. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for the filtering the corresponding fields in this filter field. (These expressions are based on the filter language described at https://google.aip.dev/160)."
                    },
                    "endTime": {
                      "location": "query",
                      "type": "string",
                      "description": "Required. Ending time for the duration for which insight is to be pulled.",
                      "format": "google-datetime"
                    },
                    "pageSize": {
                      "format": "int32",
                      "description": "Optional. Requested page size. Server may return fewer items than requested. If unspecified, server will pick an appropriate default.",
                      "location": "query",
                      "type": "integer"
                    },
                    "insight": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of the insight using the form: `organizations/{organization_id}/locations/{location_id}/insights/{insight_id}` `projects/{project_id}/locations/{location_id}/insights/{insight_id}`.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/insights/[^/]+$"
                    },
                    "group": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Group id of the available groupings for the insight. Available groupings could be fetched by calling insight list and get APIs in `BASIC` view."
                    },
                    "aggregation": {
                      "location": "query",
                      "description": "Required. Aggregation type. Available aggregation could be fetched by calling insight list and get APIs in `BASIC` view.",
                      "type": "string",
                      "enumDescriptions": [
                        "Unspecified.",
                        "Insight should be aggregated at hourly level.",
                        "Insight should be aggregated at daily level.",
                        "Insight should be aggregated at weekly level.",
                        "Insight should be aggregated at monthly level.",
                        "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
                      ],
                      "enum": [
                        "AGGREGATION_UNSPECIFIED",
                        "HOURLY",
                        "DAILY",
                        "WEEKLY",
                        "MONTHLY",
                        "CUSTOM_DATE_RANGE"
                      ]
                    },
                    "customGrouping.groupFields": {
                      "repeated": true,
                      "location": "query",
                      "type": "string",
                      "description": "Required. Fields to be used for grouping. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for declaring the fields to be grouped-by here."
                    }
                  }
                }
              }
            },
            "connections": {
              "methods": {
                "delete": {
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.projects.locations.connections.delete",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single Connection.",
                  "httpMethod": "DELETE",
                  "parameters": {
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "name": {
                      "type": "string",
                      "required": true,
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connections/{connection_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$",
                      "location": "path"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  }
                },
                "list": {
                  "path": "v1alpha/{+parent}/connections",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.projects.locations.connections.list",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists Connections in a given project and location.",
                  "httpMethod": "GET",
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "required": true,
                      "description": "Required. The resource name of the connection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "location": "path"
                    },
                    "pageSize": {
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "format": "int32",
                      "location": "query",
                      "type": "integer"
                    },
                    "filter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. A filter specifying constraints of a list operation."
                    },
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information."
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ListConnectionsRequest, if any."
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections",
                  "response": {
                    "$ref": "ListConnectionsResponse"
                  }
                },
                "getIamPolicy": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.connections.getIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}:getIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "parameters": {
                    "options.requestedPolicyVersion": {
                      "format": "int32",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                      "location": "query",
                      "type": "integer"
                    },
                    "resource": {
                      "type": "string",
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  }
                },
                "create": {
                  "parameters": {
                    "parent": {
                      "location": "path",
                      "description": "Required. The resource project name of the connection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "connectionId": {
                      "description": "Optional. User-settable connection resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or a letter.",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "request": {
                    "$ref": "Connection"
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections",
                  "path": "v1alpha/{+parent}/connections",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new Connection in a given project and location.",
                  "id": "beyondcorp.projects.locations.connections.create",
                  "httpMethod": "POST"
                },
                "resolve": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+parent}/connections:resolve",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.projects.locations.connections.resolve",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Resolves connections details for a given connector. An internal method called by a connector to find connections to connect to.",
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections:resolve",
                  "response": {
                    "$ref": "ResolveConnectionsResponse"
                  },
                  "parameters": {
                    "pageToken": {
                      "description": "Optional. The next_page_token value returned from a previous ResolveConnectionsResponse, if any.",
                      "location": "query",
                      "type": "string"
                    },
                    "parent": {
                      "type": "string",
                      "required": true,
                      "description": "Required. The resource name of the connection location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "location": "path"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "format": "int32",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried."
                    },
                    "connectorId": {
                      "description": "Required. BeyondCorp Connector name of the connector associated with those connections using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector_id}`",
                      "location": "query",
                      "type": "string"
                    }
                  }
                },
                "get": {
                  "parameters": {
                    "name": {
                      "location": "path",
                      "description": "Required. BeyondCorp Connection name using the form: `projects/{project_id}/locations/{location_id}/connections/{connection_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "Connection"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single Connection.",
                  "id": "beyondcorp.projects.locations.connections.get",
                  "httpMethod": "GET"
                },
                "patch": {
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Updates the parameters of a single Connection.",
                  "id": "beyondcorp.projects.locations.connections.patch",
                  "httpMethod": "PATCH",
                  "parameters": {
                    "name": {
                      "location": "path",
                      "description": "Required. Unique resource name of the connection. The name is ignored when creating a connection.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    },
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "allowMissing": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set as true, will create the resource if it is not found."
                    },
                    "updateMask": {
                      "location": "query",
                      "type": "string",
                      "format": "google-fieldmask",
                      "description": "Required. Mask of fields to update. At least one path must be supplied in this field. The elements of the repeated paths field may only include these fields from [BeyondCorp.Connection]: * `labels` * `display_name` * `application_endpoint` * `connectors`"
                    }
                  },
                  "request": {
                    "$ref": "Connection"
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}"
                },
                "setIamPolicy": {
                  "parameters": {
                    "resource": {
                      "location": "path",
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connections/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}:setIamPolicy",
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "id": "beyondcorp.projects.locations.connections.setIamPolicy",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "POST"
                }
              }
            },
            "connectors": {
              "methods": {
                "reportStatus": {
                  "httpMethod": "POST",
                  "path": "v1alpha/{+connector}:reportStatus",
                  "parameterOrder": [
                    "connector"
                  ],
                  "id": "beyondcorp.projects.locations.connectors.reportStatus",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Report status for a given connector.",
                  "request": {
                    "$ref": "ReportStatusRequest"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}:reportStatus",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "parameters": {
                    "connector": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$"
                    }
                  }
                },
                "list": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+parent}/connectors",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists Connectors in a given project and location.",
                  "id": "beyondcorp.projects.locations.connectors.list",
                  "response": {
                    "$ref": "ListConnectorsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors",
                  "parameters": {
                    "orderBy": {
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information.",
                      "location": "query",
                      "type": "string"
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of the connector location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "format": "int32",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried."
                    },
                    "filter": {
                      "description": "Optional. A filter specifying constraints of a list operation.",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ListConnectorsRequest, if any."
                    }
                  }
                },
                "setIamPolicy": {
                  "httpMethod": "POST",
                  "id": "beyondcorp.projects.locations.connectors.setIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}:setIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "parameters": {
                    "resource": {
                      "location": "path",
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$",
                      "required": true,
                      "type": "string"
                    }
                  }
                },
                "resolveInstanceConfig": {
                  "path": "v1alpha/{+connector}:resolveInstanceConfig",
                  "parameterOrder": [
                    "connector"
                  ],
                  "id": "beyondcorp.projects.locations.connectors.resolveInstanceConfig",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets instance configuration for a given connector. An internal method called by a connector to get its container config.",
                  "httpMethod": "GET",
                  "parameters": {
                    "connector": {
                      "type": "string",
                      "location": "path",
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$",
                      "required": true
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}:resolveInstanceConfig",
                  "response": {
                    "$ref": "ResolveInstanceConfigResponse"
                  }
                },
                "create": {
                  "parameters": {
                    "connectorId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. User-settable connector resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or a letter."
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "parent": {
                      "description": "Required. The resource project name of the connector location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    }
                  },
                  "request": {
                    "$ref": "Connector"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "path": "v1alpha/{+parent}/connectors",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.projects.locations.connectors.create",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new Connector in a given project and location.",
                  "httpMethod": "POST"
                },
                "getIamPolicy": {
                  "httpMethod": "GET",
                  "id": "beyondcorp.projects.locations.connectors.getIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}:getIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$",
                      "required": true,
                      "location": "path"
                    },
                    "options.requestedPolicyVersion": {
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                      "format": "int32",
                      "location": "query",
                      "type": "integer"
                    }
                  }
                },
                "delete": {
                  "parameters": {
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "name": {
                      "required": true,
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$",
                      "location": "path",
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "id": "beyondcorp.projects.locations.connectors.delete",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single Connector.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "DELETE"
                },
                "get": {
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}",
                  "response": {
                    "$ref": "Connector"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$"
                    }
                  },
                  "httpMethod": "GET",
                  "id": "beyondcorp.projects.locations.connectors.get",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single Connector.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "patch": {
                  "httpMethod": "PATCH",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.projects.locations.connectors.patch",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Updates the parameters of a single Connector.",
                  "request": {
                    "$ref": "Connector"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/connectors/{connectorsId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "parameters": {
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    },
                    "name": {
                      "description": "Required. Unique resource name of the connector. The name is ignored when creating a connector.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/connectors/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    },
                    "updateMask": {
                      "location": "query",
                      "type": "string",
                      "format": "google-fieldmask",
                      "description": "Required. Mask of fields to update. At least one path must be supplied in this field. The elements of the repeated paths field may only include these fields from [BeyondCorp.Connector]: * `labels` * `display_name`"
                    }
                  }
                }
              }
            },
            "applicationDomains": {
              "methods": {
                "setIamPolicy": {
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applicationDomains/{applicationDomainsId}:setIamPolicy",
                  "parameters": {
                    "resource": {
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applicationDomains/[^/]+$",
                      "location": "path",
                      "type": "string"
                    }
                  },
                  "httpMethod": "POST",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "id": "beyondcorp.projects.locations.applicationDomains.setIamPolicy"
                },
                "getIamPolicy": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.applicationDomains.getIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applicationDomains/{applicationDomainsId}:getIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "parameters": {
                    "options.requestedPolicyVersion": {
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                      "format": "int32",
                      "location": "query",
                      "type": "integer"
                    },
                    "resource": {
                      "location": "path",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applicationDomains/[^/]+$",
                      "type": "string"
                    }
                  }
                },
                "testIamPermissions": {
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applicationDomains/[^/]+$",
                      "location": "path"
                    }
                  },
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applicationDomains/{applicationDomainsId}:testIamPermissions",
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "id": "beyondcorp.projects.locations.applicationDomains.testIamPermissions",
                  "httpMethod": "POST"
                }
              }
            },
            "securityGateways": {
              "methods": {
                "delete": {
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "parameters": {
                    "name": {
                      "description": "Required. BeyondCorp SecurityGateway name using the form: `projects/{project_id}/locations/{location_id}/securityGateways/{security_gateway_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    },
                    "validateOnly": {
                      "location": "query",
                      "type": "boolean",
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way."
                    },
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "httpMethod": "DELETE",
                  "id": "beyondcorp.projects.locations.securityGateways.delete",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single SecurityGateway.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "testIamPermissions": {
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                      "location": "path"
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}:testIamPermissions",
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  },
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "id": "beyondcorp.projects.locations.securityGateways.testIamPermissions",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "POST"
                },
                "list": {
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListSecurityGatewaysResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways",
                  "parameters": {
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information."
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The parent location to which the resources belong. `projects/{project_id}/locations/{location_id}/`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "format": "int32"
                    },
                    "filter": {
                      "description": "Optional. A filter specifying constraints of a list operation. All fields in the SecurityGateway message are supported. For example, the following query will return the SecurityGateway with displayName \"test-security-gateway\" For more information, please refer to https://google.aip.dev/160.",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ListSecurityGatewayRequest, if any."
                    }
                  },
                  "httpMethod": "GET",
                  "path": "v1alpha/{+parent}/securityGateways",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists SecurityGateways in a given project and location.",
                  "id": "beyondcorp.projects.locations.securityGateways.list"
                },
                "getIamPolicy": {
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "id": "beyondcorp.projects.locations.securityGateways.getIamPolicy",
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "GET",
                  "parameters": {
                    "options.requestedPolicyVersion": {
                      "format": "int32",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                      "location": "query",
                      "type": "integer"
                    },
                    "resource": {
                      "location": "path",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}:getIamPolicy"
                },
                "create": {
                  "httpMethod": "POST",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new Security Gateway in a given project and location.",
                  "id": "beyondcorp.projects.locations.securityGateways.create",
                  "path": "v1alpha/{+parent}/securityGateways",
                  "parameterOrder": [
                    "parent"
                  ],
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway"
                  },
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource project name of the SecurityGateway location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request."
                    },
                    "securityGatewayId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. User-settable SecurityGateway resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or letter."
                    }
                  }
                },
                "get": {
                  "parameters": {
                    "name": {
                      "type": "string",
                      "description": "Required. The resource name of the PartnerTenant using the form: `projects/{project_id}/locations/{location_id}/securityGateway/{security_gateway_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway"
                  },
                  "id": "beyondcorp.projects.locations.securityGateways.get",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single SecurityGateway.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "GET"
                },
                "patch": {
                  "parameters": {
                    "updateMask": {
                      "description": "Optional. Mutable fields include: display_name, hubs.",
                      "format": "google-fieldmask",
                      "location": "query",
                      "type": "string"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request timed out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Identifier. Name of the resource.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaSecurityGateway"
                  },
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Updates the parameters of a single SecurityGateway.",
                  "id": "beyondcorp.projects.locations.securityGateways.patch",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "PATCH"
                },
                "setIamPolicy": {
                  "id": "beyondcorp.projects.locations.securityGateways.setIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "POST",
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                      "location": "path"
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}:setIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  }
                }
              },
              "resources": {
                "applications": {
                  "methods": {
                    "get": {
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Gets details of a single Application.",
                      "id": "beyondcorp.projects.locations.securityGateways.applications.get",
                      "path": "v1alpha/{+name}",
                      "parameterOrder": [
                        "name"
                      ],
                      "httpMethod": "GET",
                      "parameters": {
                        "name": {
                          "type": "string",
                          "location": "path",
                          "description": "Required. The resource name of the Application using the form: `projects/{project_id}/locations/global/securityGateway/{security_gateway_id}/applications/{application_id}`",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$",
                          "required": true
                        }
                      },
                      "response": {
                        "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication"
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}"
                    },
                    "patch": {
                      "httpMethod": "PATCH",
                      "path": "v1alpha/{+name}",
                      "parameterOrder": [
                        "name"
                      ],
                      "id": "beyondcorp.projects.locations.securityGateways.applications.patch",
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Updates the parameters of a single Application.",
                      "request": {
                        "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication"
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}",
                      "response": {
                        "$ref": "GoogleLongrunningOperation"
                      },
                      "parameters": {
                        "name": {
                          "type": "string",
                          "location": "path",
                          "required": true,
                          "description": "Identifier. Name of the resource.",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$"
                        },
                        "requestId": {
                          "location": "query",
                          "type": "string",
                          "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request timed out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                        },
                        "updateMask": {
                          "description": "Optional. Mutable fields include: display_name.",
                          "format": "google-fieldmask",
                          "location": "query",
                          "type": "string"
                        }
                      }
                    },
                    "setIamPolicy": {
                      "request": {
                        "$ref": "GoogleIamV1SetIamPolicyRequest"
                      },
                      "response": {
                        "$ref": "GoogleIamV1Policy"
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}:setIamPolicy",
                      "parameters": {
                        "resource": {
                          "location": "path",
                          "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$",
                          "required": true,
                          "type": "string"
                        }
                      },
                      "httpMethod": "POST",
                      "path": "v1alpha/{+resource}:setIamPolicy",
                      "parameterOrder": [
                        "resource"
                      ],
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                      "id": "beyondcorp.projects.locations.securityGateways.applications.setIamPolicy"
                    },
                    "list": {
                      "parameters": {
                        "orderBy": {
                          "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information.",
                          "location": "query",
                          "type": "string"
                        },
                        "parent": {
                          "required": true,
                          "description": "Required. The parent location to which the resources belong. `projects/{project_id}/locations/global/securityGateways/{security_gateway_id}`",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                          "location": "path",
                          "type": "string"
                        },
                        "pageSize": {
                          "location": "query",
                          "type": "integer",
                          "format": "int32",
                          "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried."
                        },
                        "filter": {
                          "description": "Optional. A filter specifying constraints of a list operation. All fields in the Application message are supported. For example, the following query will return the Application with displayName \"test-application\" For more information, please refer to https://google.aip.dev/160.",
                          "location": "query",
                          "type": "string"
                        },
                        "pageToken": {
                          "description": "Optional. The next_page_token value returned from a previous ListApplicationsRequest, if any.",
                          "location": "query",
                          "type": "string"
                        }
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications",
                      "response": {
                        "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaListApplicationsResponse"
                      },
                      "id": "beyondcorp.projects.locations.securityGateways.applications.list",
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Lists Applications in a given project and location.",
                      "path": "v1alpha/{+parent}/applications",
                      "parameterOrder": [
                        "parent"
                      ],
                      "httpMethod": "GET"
                    },
                    "getIamPolicy": {
                      "httpMethod": "GET",
                      "path": "v1alpha/{+resource}:getIamPolicy",
                      "parameterOrder": [
                        "resource"
                      ],
                      "id": "beyondcorp.projects.locations.securityGateways.applications.getIamPolicy",
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}:getIamPolicy",
                      "response": {
                        "$ref": "GoogleIamV1Policy"
                      },
                      "parameters": {
                        "resource": {
                          "type": "string",
                          "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$",
                          "required": true,
                          "location": "path"
                        },
                        "options.requestedPolicyVersion": {
                          "location": "query",
                          "type": "integer",
                          "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                          "format": "int32"
                        }
                      }
                    },
                    "delete": {
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Deletes a single application.",
                      "id": "beyondcorp.projects.locations.securityGateways.applications.delete",
                      "path": "v1alpha/{+name}",
                      "parameterOrder": [
                        "name"
                      ],
                      "httpMethod": "DELETE",
                      "parameters": {
                        "name": {
                          "type": "string",
                          "description": "Required. Name of the resource.",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$",
                          "required": true,
                          "location": "path"
                        },
                        "validateOnly": {
                          "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                          "location": "query",
                          "type": "boolean"
                        },
                        "requestId": {
                          "location": "query",
                          "type": "string",
                          "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                        }
                      },
                      "response": {
                        "$ref": "GoogleLongrunningOperation"
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}"
                    },
                    "testIamPermissions": {
                      "parameters": {
                        "resource": {
                          "type": "string",
                          "location": "path",
                          "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+/applications/[^/]+$",
                          "required": true
                        }
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications/{applicationsId}:testIamPermissions",
                      "response": {
                        "$ref": "GoogleIamV1TestIamPermissionsResponse"
                      },
                      "request": {
                        "$ref": "GoogleIamV1TestIamPermissionsRequest"
                      },
                      "id": "beyondcorp.projects.locations.securityGateways.applications.testIamPermissions",
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                      "path": "v1alpha/{+resource}:testIamPermissions",
                      "parameterOrder": [
                        "resource"
                      ],
                      "httpMethod": "POST"
                    },
                    "create": {
                      "httpMethod": "POST",
                      "path": "v1alpha/{+parent}/applications",
                      "parameterOrder": [
                        "parent"
                      ],
                      "id": "beyondcorp.projects.locations.securityGateways.applications.create",
                      "scopes": [
                        "https://www.googleapis.com/auth/cloud-platform"
                      ],
                      "description": "Creates a new Application in a given project and location.",
                      "request": {
                        "$ref": "GoogleCloudBeyondcorpSecuritygatewaysV1alphaApplication"
                      },
                      "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/securityGateways/{securityGatewaysId}/applications",
                      "response": {
                        "$ref": "GoogleLongrunningOperation"
                      },
                      "parameters": {
                        "requestId": {
                          "location": "query",
                          "type": "string",
                          "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request."
                        },
                        "parent": {
                          "type": "string",
                          "required": true,
                          "description": "Required. The resource name of the parent SecurityGateway using the form: `projects/{project_id}/locations/global/securityGateways/{security_gateway_id}`",
                          "pattern": "^projects/[^/]+/locations/[^/]+/securityGateways/[^/]+$",
                          "location": "path"
                        },
                        "applicationId": {
                          "location": "query",
                          "type": "string",
                          "description": "Optional. User-settable Application resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or letter."
                        }
                      }
                    }
                  }
                }
              }
            },
            "operations": {
              "methods": {
                "get": {
                  "parameters": {
                    "name": {
                      "type": "string",
                      "description": "The name of the operation resource.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
                  "id": "beyondcorp.projects.locations.operations.get",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "httpMethod": "GET"
                },
                "delete": {
                  "parameters": {
                    "name": {
                      "description": "The name of the operation resource to be deleted.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    }
                  },
                  "response": {
                    "$ref": "Empty"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.",
                  "id": "beyondcorp.projects.locations.operations.delete",
                  "httpMethod": "DELETE"
                },
                "cancel": {
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel",
                  "response": {
                    "$ref": "Empty"
                  },
                  "request": {
                    "$ref": "GoogleLongrunningCancelOperationRequest"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "required": true,
                      "description": "The name of the operation resource to be cancelled.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
                      "location": "path"
                    }
                  },
                  "httpMethod": "POST",
                  "id": "beyondcorp.projects.locations.operations.cancel",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
                  "path": "v1alpha/{+name}:cancel",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "list": {
                  "path": "v1alpha/{+name}/operations",
                  "parameterOrder": [
                    "name"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`.",
                  "id": "beyondcorp.projects.locations.operations.list",
                  "httpMethod": "GET",
                  "parameters": {
                    "name": {
                      "description": "The name of the operation's parent resource.",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    },
                    "filter": {
                      "description": "The standard list filter.",
                      "location": "query",
                      "type": "string"
                    },
                    "pageSize": {
                      "description": "The standard list page size.",
                      "format": "int32",
                      "location": "query",
                      "type": "integer"
                    },
                    "pageToken": {
                      "description": "The standard list page token.",
                      "location": "query",
                      "type": "string"
                    },
                    "returnPartialSuccess": {
                      "location": "query",
                      "type": "boolean",
                      "description": "When set to `true`, operations that are reachable are returned as normal, and those that are unreachable are returned in the ListOperationsResponse.unreachable field. This can only be `true` when reading across collections. For example, when `parent` is set to `\"projects/example/locations/-\"`. This field is not supported by default and will result in an `UNIMPLEMENTED` error if set unless explicitly documented otherwise in service or product specific documentation."
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningListOperationsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/operations"
                }
              }
            },
            "appConnectors": {
              "methods": {
                "getIamPolicy": {
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.appConnectors.getIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "httpMethod": "GET",
                  "parameters": {
                    "resource": {
                      "location": "path",
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "options.requestedPolicyVersion": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
                      "format": "int32"
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}:getIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  }
                },
                "delete": {
                  "httpMethod": "DELETE",
                  "id": "beyondcorp.projects.locations.appConnectors.delete",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a single AppConnector.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}",
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. BeyondCorp AppConnector name using the form: `projects/{project_id}/locations/{location_id}/appConnectors/{app_connector_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    }
                  }
                },
                "create": {
                  "httpMethod": "POST",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Creates a new AppConnector in a given project and location.",
                  "id": "beyondcorp.projects.locations.appConnectors.create",
                  "path": "v1alpha/{+parent}/appConnectors",
                  "parameterOrder": [
                    "parent"
                  ],
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector"
                  },
                  "parameters": {
                    "appConnectorId": {
                      "description": "Optional. User-settable AppConnector resource ID. * Must start with a letter. * Must contain between 4-63 characters from `/a-z-/`. * Must end with a number or a letter.",
                      "location": "query",
                      "type": "string"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "description": "Required. The resource project name of the AppConnector location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "required": true
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    }
                  }
                },
                "get": {
                  "httpMethod": "GET",
                  "id": "beyondcorp.projects.locations.appConnectors.get",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets details of a single AppConnector.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "description": "Required. BeyondCorp AppConnector name using the form: `projects/{project_id}/locations/{location_id}/appConnectors/{app_connector_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "required": true
                    }
                  }
                },
                "patch": {
                  "httpMethod": "PATCH",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Updates the parameters of a single AppConnector.",
                  "id": "beyondcorp.projects.locations.appConnectors.patch",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaAppConnector"
                  },
                  "parameters": {
                    "updateMask": {
                      "format": "google-fieldmask",
                      "description": "Required. Mask of fields to update. At least one path must be supplied in this field. The elements of the repeated paths field may only include these fields from [BeyondCorp.AppConnector]: * `labels` * `display_name`",
                      "location": "query",
                      "type": "string"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "name": {
                      "type": "string",
                      "required": true,
                      "description": "Required. Unique resource name of the AppConnector. The name is ignored when creating a AppConnector.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "location": "path"
                    },
                    "validateOnly": {
                      "description": "Optional. If set, validates request by executing a dry-run which would not alter the resource in any way.",
                      "location": "query",
                      "type": "boolean"
                    }
                  }
                },
                "list": {
                  "httpMethod": "GET",
                  "path": "v1alpha/{+parent}/appConnectors",
                  "parameterOrder": [
                    "parent"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists AppConnectors in a given project and location.",
                  "id": "beyondcorp.projects.locations.appConnectors.list",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaListAppConnectorsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors",
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "required": true,
                      "description": "Required. The resource name of the AppConnector location using the form: `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+$",
                      "location": "path"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "format": "int32"
                    },
                    "filter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. A filter specifying constraints of a list operation."
                    },
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Specifies the ordering of results. See [Sorting order](https://cloud.google.com/apis/design/design_patterns#sorting_order) for more information."
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ListAppConnectorsRequest, if any."
                    }
                  }
                },
                "testIamPermissions": {
                  "httpMethod": "POST",
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "id": "beyondcorp.projects.locations.appConnectors.testIamPermissions",
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}:testIamPermissions",
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  }
                },
                "reportStatus": {
                  "parameters": {
                    "appConnector": {
                      "type": "string",
                      "description": "Required. BeyondCorp Connector name using the form: `projects/{project_id}/locations/{location_id}/connectors/{connector}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}:reportStatus",
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaReportStatusRequest"
                  },
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Report status for a given connector.",
                  "id": "beyondcorp.projects.locations.appConnectors.reportStatus",
                  "path": "v1alpha/{+appConnector}:reportStatus",
                  "parameterOrder": [
                    "appConnector"
                  ],
                  "httpMethod": "POST"
                },
                "resolveInstanceConfig": {
                  "httpMethod": "GET",
                  "id": "beyondcorp.projects.locations.appConnectors.resolveInstanceConfig",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets instance configuration for a given AppConnector. An internal method called by a AppConnector to get its container config.",
                  "path": "v1alpha/{+appConnector}:resolveInstanceConfig",
                  "parameterOrder": [
                    "appConnector"
                  ],
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}:resolveInstanceConfig",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpAppconnectorsV1alphaResolveInstanceConfigResponse"
                  },
                  "parameters": {
                    "appConnector": {
                      "description": "Required. BeyondCorp AppConnector name using the form: `projects/{project_id}/locations/{location_id}/appConnectors/{app_connector}`",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$",
                      "required": true,
                      "location": "path",
                      "type": "string"
                    }
                  }
                },
                "setIamPolicy": {
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/appConnectors/[^/]+$"
                    }
                  },
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/appConnectors/{appConnectorsId}:setIamPolicy",
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "id": "beyondcorp.projects.locations.appConnectors.setIamPolicy",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "httpMethod": "POST"
                }
              }
            },
            "applications": {
              "methods": {
                "getIamPolicy": {
                  "path": "v1alpha/{+resource}:getIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.",
                  "id": "beyondcorp.projects.locations.applications.getIamPolicy",
                  "httpMethod": "GET",
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applications/[^/]+$"
                    },
                    "options.requestedPolicyVersion": {
                      "location": "query",
                      "type": "integer",
                      "format": "int32",
                      "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
                    }
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applications/{applicationsId}:getIamPolicy"
                },
                "testIamPermissions": {
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applications/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applications/{applicationsId}:testIamPermissions",
                  "response": {
                    "$ref": "GoogleIamV1TestIamPermissionsResponse"
                  },
                  "request": {
                    "$ref": "GoogleIamV1TestIamPermissionsRequest"
                  },
                  "id": "beyondcorp.projects.locations.applications.testIamPermissions",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.",
                  "path": "v1alpha/{+resource}:testIamPermissions",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "POST"
                },
                "setIamPolicy": {
                  "parameters": {
                    "resource": {
                      "type": "string",
                      "description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
                      "pattern": "^projects/[^/]+/locations/[^/]+/applications/[^/]+$",
                      "required": true,
                      "location": "path"
                    }
                  },
                  "response": {
                    "$ref": "GoogleIamV1Policy"
                  },
                  "flatPath": "v1alpha/projects/{projectsId}/locations/{locationsId}/applications/{applicationsId}:setIamPolicy",
                  "request": {
                    "$ref": "GoogleIamV1SetIamPolicyRequest"
                  },
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
                  "id": "beyondcorp.projects.locations.applications.setIamPolicy",
                  "path": "v1alpha/{+resource}:setIamPolicy",
                  "parameterOrder": [
                    "resource"
                  ],
                  "httpMethod": "POST"
                }
              }
            }
          }
        }
      }
    },
    "organizations": {
      "resources": {
        "locations": {
          "resources": {
            "operations": {
              "methods": {
                "get": {
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
                  "id": "beyondcorp.organizations.locations.operations.get",
                  "httpMethod": "GET",
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "The name of the operation resource.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/operations/[^/]+$"
                    }
                  },
                  "response": {
                    "$ref": "GoogleLongrunningOperation"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/operations/{operationsId}"
                },
                "delete": {
                  "response": {
                    "$ref": "Empty"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/operations/{operationsId}",
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "The name of the operation resource to be deleted.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/operations/[^/]+$"
                    }
                  },
                  "httpMethod": "DELETE",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.",
                  "id": "beyondcorp.organizations.locations.operations.delete",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "cancel": {
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/operations/{operationsId}:cancel",
                  "response": {
                    "$ref": "Empty"
                  },
                  "request": {
                    "$ref": "GoogleLongrunningCancelOperationRequest"
                  },
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "description": "The name of the operation resource to be cancelled.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/operations/[^/]+$",
                      "required": true
                    }
                  },
                  "httpMethod": "POST",
                  "id": "beyondcorp.organizations.locations.operations.cancel",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`.",
                  "path": "v1alpha/{+name}:cancel",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "list": {
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/operations",
                  "response": {
                    "$ref": "GoogleLongrunningListOperationsResponse"
                  },
                  "parameters": {
                    "returnPartialSuccess": {
                      "description": "When set to `true`, operations that are reachable are returned as normal, and those that are unreachable are returned in the ListOperationsResponse.unreachable field. This can only be `true` when reading across collections. For example, when `parent` is set to `\"projects/example/locations/-\"`. This field is not supported by default and will result in an `UNIMPLEMENTED` error if set unless explicitly documented otherwise in service or product specific documentation.",
                      "location": "query",
                      "type": "boolean"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "The standard list page token."
                    },
                    "name": {
                      "required": true,
                      "description": "The name of the operation's parent resource.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+$",
                      "location": "path",
                      "type": "string"
                    },
                    "filter": {
                      "location": "query",
                      "type": "string",
                      "description": "The standard list filter."
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "The standard list page size.",
                      "format": "int32"
                    }
                  },
                  "httpMethod": "GET",
                  "path": "v1alpha/{+name}/operations",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.organizations.locations.operations.list",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns `UNIMPLEMENTED`."
                }
              }
            },
            "insights": {
              "methods": {
                "list": {
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/insights",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaListInsightsResponse"
                  },
                  "parameters": {
                    "aggregation": {
                      "enum": [
                        "AGGREGATION_UNSPECIFIED",
                        "HOURLY",
                        "DAILY",
                        "WEEKLY",
                        "MONTHLY",
                        "CUSTOM_DATE_RANGE"
                      ],
                      "type": "string",
                      "enumDescriptions": [
                        "Unspecified.",
                        "Insight should be aggregated at hourly level.",
                        "Insight should be aggregated at daily level.",
                        "Insight should be aggregated at weekly level.",
                        "Insight should be aggregated at monthly level.",
                        "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
                      ],
                      "description": "Optional. Aggregation type. The default is 'DAILY'.",
                      "location": "query"
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "description": "Required. The resource name of InsightMetadata using the form: `organizations/{organization_id}/locations/{location}` `projects/{project_id}/locations/{location_id}`",
                      "pattern": "^organizations/[^/]+/locations/[^/]+$",
                      "required": true
                    },
                    "pageSize": {
                      "format": "int32",
                      "description": "Optional. Requested page size. Server may return fewer items than requested. If unspecified, server will pick an appropriate default. NOTE: Default page size is 50.",
                      "location": "query",
                      "type": "integer"
                    },
                    "filter": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Filter expression to restrict the insights returned. Supported filter fields: * `type` * `category` * `subCategory` Examples: * \"category = application AND type = count\" * \"category = application AND subCategory = iap\" * \"type = status\" Allowed values: * type: [count, latency, status, list] * category: [application, device, request, security] * subCategory: [iap, caa, webprotect] NOTE: Only equality based comparison is allowed. Only `AND` conjunction is allowed. NOTE: The 'AND' in the filter field needs to be in capital letters only. NOTE: Just filtering on `subCategory` is not allowed. It should be passed in with the parent `category` too. (These expressions are based on the filter language described at https://google.aip.dev/160)."
                    },
                    "endTime": {
                      "format": "google-datetime",
                      "description": "Optional. Ending time for the duration for which insights are to be pulled. The default is the current time.",
                      "location": "query",
                      "type": "string"
                    },
                    "orderBy": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Hint for how to order the results. This is currently ignored."
                    },
                    "view": {
                      "location": "query",
                      "description": "Required. List only metadata or full data.",
                      "type": "string",
                      "enumDescriptions": [
                        "The default / unset value. The API will default to the BASIC view.",
                        "Include basic metadata about the insight, but not the insight data. This is the default value (for both ListInsights and GetInsight).",
                        "Include everything."
                      ],
                      "enum": [
                        "INSIGHT_VIEW_UNSPECIFIED",
                        "BASIC",
                        "FULL"
                      ]
                    },
                    "startTime": {
                      "location": "query",
                      "type": "string",
                      "format": "google-datetime",
                      "description": "Optional. Starting time for the duration for which insights are to be pulled. The default is 7 days before the current time."
                    },
                    "pageToken": {
                      "description": "Optional. A token identifying a page of results the server should return.",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "httpMethod": "GET",
                  "path": "v1alpha/{+parent}/insights",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.organizations.locations.insights.list",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Lists for all the available insights that could be fetched from the system. Allows to filter using category. Setting the `view` to `BASIC` will let you iterate over the list of insight metadatas."
                },
                "get": {
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/insights/{insightsId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaInsight"
                  },
                  "parameters": {
                    "name": {
                      "required": true,
                      "description": "Required. The resource name of the insight using the form: `organizations/{organization_id}/locations/{location_id}/insights/{insight_id}` `projects/{project_id}/locations/{location_id}/insights/{insight_id}`",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/insights/[^/]+$",
                      "location": "path",
                      "type": "string"
                    },
                    "view": {
                      "enum": [
                        "INSIGHT_VIEW_UNSPECIFIED",
                        "BASIC",
                        "FULL"
                      ],
                      "type": "string",
                      "enumDescriptions": [
                        "The default / unset value. The API will default to the BASIC view.",
                        "Include basic metadata about the insight, but not the insight data. This is the default value (for both ListInsights and GetInsight).",
                        "Include everything."
                      ],
                      "description": "Required. Metadata only or full data view.",
                      "location": "query"
                    }
                  },
                  "httpMethod": "GET",
                  "id": "beyondcorp.organizations.locations.insights.get",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the value for a selected particular insight with default configuration. The default aggregation level is 'DAILY' and no grouping will be applied or default grouping if applicable. The data will be returned for recent 7 days starting the day before. The insight data size will be limited to 50 rows. Use the organization level path for fetching at org level and project level path for fetching the insight value specific to a particular project. Setting the `view` to `BASIC` will only return the metadata for the insight.",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ]
                },
                "configuredInsight": {
                  "parameters": {
                    "startTime": {
                      "location": "query",
                      "type": "string",
                      "description": "Required. Starting time for the duration for which insight is to be pulled.",
                      "format": "google-datetime"
                    },
                    "customGrouping.fieldFilter": {
                      "description": "Optional. Filterable parameters to be added to the grouping clause. Available fields could be fetched by calling insight list and get APIs in `BASIC` view. `=` is the only comparison operator supported. `AND` is the only logical operator supported. Usage: field_filter=\"fieldName1=fieldVal1 AND fieldName2=fieldVal2\". NOTE: Only `AND` conditions are allowed. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for the filtering the corresponding fields in this filter field. (These expressions are based on the filter language described at https://google.aip.dev/160).",
                      "location": "query",
                      "type": "string"
                    },
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Used to fetch the page represented by the token. Fetches the first page when not set."
                    },
                    "fieldFilter": {
                      "description": "Optional. Other filterable/configurable parameters as applicable to the selected insight. Available fields could be fetched by calling insight list and get APIs in `BASIC` view. `=` is the only comparison operator supported. `AND` is the only logical operator supported. Usage: field_filter=\"fieldName1=fieldVal1 AND fieldName2=fieldVal2\". NOTE: Only `AND` conditions are allowed. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for the filtering the corresponding fields in this filter field. (These expressions are based on the filter language described at https://google.aip.dev/160).",
                      "location": "query",
                      "type": "string"
                    },
                    "endTime": {
                      "location": "query",
                      "type": "string",
                      "description": "Required. Ending time for the duration for which insight is to be pulled.",
                      "format": "google-datetime"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. Requested page size. Server may return fewer items than requested. If unspecified, server will pick an appropriate default.",
                      "format": "int32"
                    },
                    "insight": {
                      "type": "string",
                      "required": true,
                      "description": "Required. The resource name of the insight using the form: `organizations/{organization_id}/locations/{location_id}/insights/{insight_id}` `projects/{project_id}/locations/{location_id}/insights/{insight_id}`.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/insights/[^/]+$",
                      "location": "path"
                    },
                    "group": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. Group id of the available groupings for the insight. Available groupings could be fetched by calling insight list and get APIs in `BASIC` view."
                    },
                    "aggregation": {
                      "type": "string",
                      "enumDescriptions": [
                        "Unspecified.",
                        "Insight should be aggregated at hourly level.",
                        "Insight should be aggregated at daily level.",
                        "Insight should be aggregated at weekly level.",
                        "Insight should be aggregated at monthly level.",
                        "Insight should be aggregated at the custom date range passed in as the start and end time in the request."
                      ],
                      "enum": [
                        "AGGREGATION_UNSPECIFIED",
                        "HOURLY",
                        "DAILY",
                        "WEEKLY",
                        "MONTHLY",
                        "CUSTOM_DATE_RANGE"
                      ],
                      "location": "query",
                      "description": "Required. Aggregation type. Available aggregation could be fetched by calling insight list and get APIs in `BASIC` view."
                    },
                    "customGrouping.groupFields": {
                      "repeated": true,
                      "location": "query",
                      "type": "string",
                      "description": "Required. Fields to be used for grouping. NOTE: Use the `filter_alias` from `Insight.Metadata.Field` message for declaring the fields to be grouped-by here."
                    }
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/insights/{insightsId}:configuredInsight",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformInsightsV1alphaConfiguredInsightResponse"
                  },
                  "id": "beyondcorp.organizations.locations.insights.configuredInsight",
                  "scopes": [
                    "https://www.googleapis.com/auth/cloud-platform"
                  ],
                  "description": "Gets the value for a selected particular insight based on the provided filters. Use the organization level path for fetching at org level and project level path for fetching the insight value specific to a particular project.",
                  "path": "v1alpha/{+insight}:configuredInsight",
                  "parameterOrder": [
                    "insight"
                  ],
                  "httpMethod": "GET"
                }
              }
            },
            "subscriptions": {
              "methods": {
                "patch": {
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions/{subscriptionsId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
                  },
                  "parameters": {
                    "updateMask": {
                      "location": "query",
                      "type": "string",
                      "description": "Required. Field mask is used to specify the fields to be overwritten in the Subscription resource by the update. The fields specified in the update_mask are relative to the resource, not the full request. A field will be overwritten if it is in the mask. Mutable fields: seat_count.",
                      "format": "google-fieldmask"
                    },
                    "name": {
                      "location": "path",
                      "description": "Identifier. Unique resource name of the Subscription. The name is ignored when creating a subscription.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/subscriptions/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "requestId": {
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes since the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).",
                      "location": "query",
                      "type": "string"
                    }
                  },
                  "httpMethod": "PATCH",
                  "path": "v1alpha/{+name}",
                  "parameterOrder": [
                    "name"
                  ],
                  "id": "beyondcorp.organizations.locations.subscriptions.patch",
                  "description": "Updates an existing BeyondCorp Enterprise Subscription in a given organization. Location will always be global as BeyondCorp subscriptions are per organization."
                },
                "get": {
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions/{subscriptionsId}",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
                  },
                  "httpMethod": "GET",
                  "id": "beyondcorp.organizations.locations.subscriptions.get",
                  "description": "Gets details of a single Subscription.",
                  "path": "v1alpha/{+name}",
                  "parameters": {
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of Subscription using the form: `organizations/{organization_id}/locations/{location}/subscriptions/{subscription_id}`",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/subscriptions/[^/]+$"
                    }
                  },
                  "parameterOrder": [
                    "name"
                  ]
                },
                "cancel": {
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaCancelSubscriptionResponse"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions/{subscriptionsId}:cancel",
                  "httpMethod": "GET",
                  "description": "Cancels an existing BeyondCorp Enterprise Subscription in a given organization. Location will always be global as BeyondCorp subscriptions are per organization. Returns the timestamp for when the cancellation will become effective",
                  "id": "beyondcorp.organizations.locations.subscriptions.cancel",
                  "path": "v1alpha/{+name}:cancel",
                  "parameters": {
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    },
                    "name": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. Name of the resource.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/subscriptions/[^/]+$"
                    }
                  },
                  "parameterOrder": [
                    "name"
                  ]
                },
                "restart": {
                  "httpMethod": "GET",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaRestartSubscriptionResponse"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions/{subscriptionsId}:restart",
                  "path": "v1alpha/{+name}:restart",
                  "parameters": {
                    "name": {
                      "location": "path",
                      "description": "Required. Name of the resource.",
                      "pattern": "^organizations/[^/]+/locations/[^/]+/subscriptions/[^/]+$",
                      "required": true,
                      "type": "string"
                    },
                    "requestId": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed. The server will guarantee that for at least 60 minutes after the first request. For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments. The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000)."
                    }
                  },
                  "parameterOrder": [
                    "name"
                  ],
                  "description": "Restarts an existing BeyondCorp Enterprise Subscription in a given organization, that is scheduled for cancellation. Location will always be global as BeyondCorp subscriptions are per organization. Returns the timestamp for when the cancellation will become effective",
                  "id": "beyondcorp.organizations.locations.subscriptions.restart"
                },
                "create": {
                  "path": "v1alpha/{+parent}/subscriptions",
                  "parameterOrder": [
                    "parent"
                  ],
                  "id": "beyondcorp.organizations.locations.subscriptions.create",
                  "description": "Creates a new BeyondCorp Enterprise Subscription in a given organization. Location will always be global as BeyondCorp subscriptions are per organization.",
                  "httpMethod": "POST",
                  "parameters": {
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "description": "Required. The resource name of the subscription location using the form: `organizations/{organization_id}/locations/{location}`",
                      "pattern": "^organizations/[^/]+/locations/[^/]+$",
                      "required": true
                    }
                  },
                  "request": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaSubscription"
                  }
                },
                "list": {
                  "httpMethod": "GET",
                  "response": {
                    "$ref": "GoogleCloudBeyondcorpSaasplatformSubscriptionsV1alphaListSubscriptionsResponse"
                  },
                  "flatPath": "v1alpha/organizations/{organizationsId}/locations/{locationsId}/subscriptions",
                  "path": "v1alpha/{+parent}/subscriptions",
                  "parameters": {
                    "pageToken": {
                      "location": "query",
                      "type": "string",
                      "description": "Optional. The next_page_token value returned from a previous ListSubscriptionsRequest, if any."
                    },
                    "parent": {
                      "type": "string",
                      "location": "path",
                      "required": true,
                      "description": "Required. The resource name of Subscription using the form: `organizations/{organization_id}/locations/{location}`",
                      "pattern": "^organizations/[^/]+/locations/[^/]+$"
                    },
                    "pageSize": {
                      "location": "query",
                      "type": "integer",
                      "description": "Optional. The maximum number of items to return. If not specified, a default value of 50 will be used by the service. Regardless of the page_size value, the response may include a partial list and a caller should only rely on response's next_page_token to determine if there are more instances left to be queried.",
                      "format": "int32"
                    }
                  },
                  "parameterOrder": [
                    "parent"
                  ],
                  "description": "Lists Subscriptions in a given organization and location.",
                  "id": "beyondcorp.organizations.locations.subscriptions.list"
                }
              }
            }
          }
        }
      }
    }
  },
  "mtlsRootUrl": "https://beyondcorp.mtls.googleapis.com/",
  "discoveryVersion": "v1",
  "version": "v1alpha",
  "documentationLink": "https://cloud.google.com/",
  "version_module": true,
  "parameters": {
    "$.xgafv": {
      "type": "string",
      "enumDescriptions": [
        "v1 error format",
        "v2 error format"
      ],
      "enum": [
        "1",
        "2"
      ],
      "location": "query",
      "description": "V1 error format."
    },
    "prettyPrint": {
      "description": "Returns response with indentations and line breaks.",
      "type": "boolean",
      "default": "true",
      "location": "query"
    },
    "uploadType": {
      "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
      "type": "string",
      "location": "query"
    },
    "key": {
      "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
      "type": "string",
      "location": "query"
    },
    "upload_protocol": {
      "type": "string",
      "location": "query",
      "description": "Upload protocol for media (e.g. \"raw\", \"multipart\")."
    },
    "access_token": {
      "type": "string",
      "location": "query",
      "description": "OAuth access token."
    },
    "oauth_token": {
      "type": "string",
      "location": "query",
      "description": "OAuth 2.0 token for the current user."
    },
    "fields": {
      "type": "string",
      "location": "query",
      "description": "Selector specifying which fields to include in a partial response."
    },
    "alt": {
      "enum": [
        "json",
        "media",
        "proto"
      ],
      "type": "string",
      "default": "json",
      "enumDescriptions": [
        "Responses with Content-Type of application/json",
        "Media download with context-dependent Content-Type",
        "Responses with Content-Type of application/x-protobuf"
      ],
      "description": "Data format for response.",
      "location": "query"
    },
    "callback": {
      "description": "JSONP",
      "type": "string",
      "location": "query"
    },
    "quotaUser": {
      "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
      "type": "string",
      "location": "query"
    }
  },
  "fullyEncodeReservedExpansion": true,
  "auth": {
    "oauth2": {
      "scopes": {
        "https://www.googleapis.com/auth/cloud-platform": {
          "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
        }
      }
    }
  },
  "description": "Chrome Enterprise Premium is a secure enterprise browsing solution that provides secure access to applications and resources, and offers integrated threat and data protection. It adds an extra layer of security to safeguard your Chrome browser environment, including Data Loss Prevention (DLP), real-time URL and file scanning, and Context-Aware Access for SaaS and web apps.",
  "title": "BeyondCorp API",
  "kind": "discovery#restDescription"
}
