Merge branch 'main' into release-please--branches--main

discovery/accesscontextmanager-v1.json

@@ -1205,6 +1205,11 @@
                 "name"
               ],
               "parameters": {
+                "appendScopedAccessSettings": {
+                  "description": "Optional. This field will be used to control whether or not scoped access settings are appended to the existing list of scoped access settings. If true, the scoped access settings in the request will be appended to the existing list of scoped access settings. If false, the scoped access settings in the request replace the existing list of scoped access settings.",
+                  "location": "query",
+                  "type": "boolean"
+                },
                 "name": {
                   "description": "Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"",
                   "location": "path",
@@ -1213,7 +1218,7 @@
                   "type": "string"
                 },
                 "updateMask": {
-                  "description": "Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: `access_levels`, `dry_run_access_levels`. update_mask { paths: \"access_levels\" }",
+                  "description": "Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: `access_levels`, `dry_run_access_levels`, `reauth_settings`, `scoped_access_settings`. update_mask { paths: \"access_levels\" }",
                   "format": "google-fieldmask",
                   "location": "query",
                   "type": "string"
@@ -1290,7 +1295,7 @@
       }
     }
   },
-  "revision": "20240811",
+  "revision": "20240923",
   "rootUrl": "https://accesscontextmanager.googleapis.com/",
   "schemas": {
     "AccessContextManagerOperationMetadata": {
@@ -1357,6 +1362,35 @@
       },
       "type": "object"
     },
+    "AccessScope": {
+      "description": "Access scope represents the client scope, etc. to which the settings will be applied to.",
+      "id": "AccessScope",
+      "properties": {
+        "clientScope": {
+          "$ref": "ClientScope",
+          "description": "Optional. Client scope for this access scope."
+        }
+      },
+      "type": "object"
+    },
+    "AccessSettings": {
+      "description": "Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set.",
+      "id": "AccessSettings",
+      "properties": {
+        "accessLevels": {
+          "description": "Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "reauthSettings": {
+          "$ref": "ReauthSettings",
+          "description": "Optional. Reauth settings applied to user access on a given AccessScope."
+        }
+      },
+      "type": "object"
+    },
     "ApiOperation": {
       "description": "Identification for an API Operation.",
       "id": "ApiOperation",
@@ -1550,6 +1584,17 @@
       "properties": {},
       "type": "object"
     },
+    "ClientScope": {
+      "description": "Client scope represents the application, etc. subject to this binding's restrictions.",
+      "id": "ClientScope",
+      "properties": {
+        "restrictedClientApplication": {
+          "$ref": "Application",
+          "description": "Optional. The application that is subject to this binding's scope."
+        }
+      },
+      "type": "object"
+    },
     "CommitServicePerimetersRequest": {
       "description": "A request to commit dry-run specs in all Service Perimeters belonging to an Access Policy.",
       "id": "CommitServicePerimetersRequest",
@@ -1860,12 +1905,23 @@
           "description": "Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"",
           "type": "string"
         },
+        "reauthSettings": {
+          "$ref": "ReauthSettings",
+          "description": "Optional. GCSL policy for the group key."
+        },
         "restrictedClientApplications": {
           "description": "Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.",
           "items": {
             "$ref": "Application"
           },
           "type": "array"
+        },
+        "scopedAccessSettings": {
+          "description": "Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.",
+          "items": {
+            "$ref": "ScopedAccessSettings"
+          },
+          "type": "array"
         }
       },
       "type": "object"
@@ -2231,6 +2287,47 @@
       },
       "type": "object"
     },
+    "ReauthSettings": {
+      "description": "Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings.",
+      "id": "ReauthSettings",
+      "properties": {
+        "maxInactivity": {
+          "description": "Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "reauthMethod": {
+          "description": "Optional. Reauth method when users GCP session is up.",
+          "enum": [
+            "REAUTH_METHOD_UNSPECIFIED",
+            "LOGIN",
+            "SECURITY_KEY",
+            "PASSWORD"
+          ],
+          "enumDescriptions": [
+            "If method undefined in API, we will use LOGIN by default.",
+            "The user will prompted to perform regular login. Users who are enrolled for two-step verification and haven't chosen to \"Remember this computer\" will be prompted for their second factor.",
+            "The user will be prompted to autheticate using their security key. If no security key has been configured, then we will fallback to LOGIN.",
+            "The user will be prompted for their password."
+          ],
+          "type": "string"
+        },
+        "sessionLength": {
+          "description": "Optional. The session length. Setting this field to zero is equal to disabling. Reauth. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.",
+          "format": "google-duration",
+          "type": "string"
+        },
+        "sessionLengthEnabled": {
+          "description": "Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.",
+          "type": "boolean"
+        },
+        "useOidcMaxAge": {
+          "description": "Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "ReplaceAccessLevelsRequest": {
       "description": "A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.",
       "id": "ReplaceAccessLevelsRequest",
@@ -2295,6 +2392,25 @@
       },
       "type": "object"
     },
+    "ScopedAccessSettings": {
+      "description": "A relationship between access settings and its scope.",
+      "id": "ScopedAccessSettings",
+      "properties": {
+        "activeSettings": {
+          "$ref": "AccessSettings",
+          "description": "Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set."
+        },
+        "dryRunSettings": {
+          "$ref": "AccessSettings",
+          "description": "Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set."
+        },
+        "scope": {
+          "$ref": "AccessScope",
+          "description": "Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty."
+        }
+      },
+      "type": "object"
+    },
     "ServicePerimeter": {
       "description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.",
       "id": "ServicePerimeter",

discovery/adexchangebuyer2-v2beta1.json

@@ -3115,7 +3115,7 @@
       }
     }
   },
-  "revision": "20231213",
+  "revision": "20241002",
   "rootUrl": "https://adexchangebuyer.googleapis.com/",
   "schemas": {
     "AbsoluteDateRange": {
@@ -6570,22 +6570,22 @@
       "id": "TimeOfDay",
       "properties": {
         "hours": {
-          "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.",
+          "description": "Hours of a day in 24 hour format. Must be greater than or equal to 0 and typically must be less than or equal to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.",
           "format": "int32",
           "type": "integer"
         },
         "minutes": {
-          "description": "Minutes of hour of day. Must be from 0 to 59.",
+          "description": "Minutes of an hour. Must be greater than or equal to 0 and less than or equal to 59.",
           "format": "int32",
           "type": "integer"
         },
         "nanos": {
-          "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.",
+          "description": "Fractions of seconds, in nanoseconds. Must be greater than or equal to 0 and less than or equal to 999,999,999.",
           "format": "int32",
           "type": "integer"
         },
         "seconds": {
-          "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.",
+          "description": "Seconds of a minute. Must be greater than or equal to 0 and typically must be less than or equal to 59. An API may allow the value 60 if it allows leap-seconds.",
           "format": "int32",
           "type": "integer"
         }

discovery/admin-directory_v1.json

@@ -15,10 +15,10 @@
           "description": "View customer related information"
         },
         "https://www.googleapis.com/auth/admin.directory.device.chromeos": {
-          "description": "View and manage your Chrome OS devices' metadata"
+          "description": "View and manage your ChromeOS devices' metadata"
         },
         "https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly": {
-          "description": "View your Chrome OS devices' metadata"
+          "description": "View your ChromeOS devices' metadata"
         },
         "https://www.googleapis.com/auth/admin.directory.device.mobile": {
           "description": "View and manage your mobile devices' metadata"
@@ -1677,7 +1677,7 @@
               "type": "string"
             },
             "userKey": {
-              "description": "Email or immutable ID of the user if only those groups are to be listed, the given user is a member of. If it's an ID, it should match with the ID of the user object.",
+              "description": "Email or immutable ID of the user if only those groups are to be listed, the given user is a member of. If it's an ID, it should match with the ID of the user object. Cannot be used with the `customer` parameter.",
               "location": "query",
               "type": "string"
             }
@@ -4671,7 +4671,7 @@
       }
     }
   },
-  "revision": "20240709",
+  "revision": "20240924",
   "rootUrl": "https://admin.googleapis.com/",
   "schemas": {
     "Alias": {
@@ -6245,7 +6245,7 @@
           "type": "string"
         },
         "payload": {
-          "description": "The payload for the command, provide it only if command supports it. The following commands support adding payload: * `SET_VOLUME`: Payload is a stringified JSON object in the form: { \"volume\": 50 }. The volume has to be an integer in the range [0,100]. * `DEVICE_START_CRD_SESSION`: Payload is optionally a stringified JSON object in the form: { \"ackedUserPresence\": true }. `ackedUserPresence` is a boolean. By default, `ackedUserPresence` is set to `false`. To start a Chrome Remote Desktop session for an active device, set `ackedUserPresence` to `true`. * `REBOOT`: Payload is a stringified JSON object in the form: { \"user_session_delay_seconds\": 300 }. The delay has to be in the range [0, 300]. * `FETCH_SUPPORT_PACKET`: Payload is optionally a stringified JSON object in the form: {\"supportPacketDetails\":{ \"issueCaseId\": optional_support_case_id_string, \"issueDescription\": optional_issue_description_string, \"requestedDataCollectors\": []}} The list of available `data_collector_enums` are as following: Chrome System Information (1), Crash IDs (2), Memory Details (3), UI Hierarchy (4), Additional ChromeOS Platform Logs (5), Device Event (6), Intel WiFi NICs Debug Dump (7), Touch Events (8), Lacros (9), Lacros System Information (10), ChromeOS Flex Logs (11), DBus Details (12), ChromeOS Network Routes (13), ChromeOS Shill (Connection Manager) Logs (14), Policies (15), ChromeOS System State and Logs (16), ChromeOS System Logs (17), ChromeOS Chrome User Logs (18), ChromeOS Bluetooth (19), ChromeOS Connected Input Devices (20), ChromeOS Traffic Counters (21), ChromeOS Virtual Keyboard (22), ChromeOS Network Health (23). See more details in [help article](https://support.google.com/chrome/a?p=remote-log).",
+          "description": "The payload for the command, provide it only if command supports it. The following commands support adding payload: * `SET_VOLUME`: Payload is a stringified JSON object in the form: { \"volume\": 50 }. The volume has to be an integer in the range [0,100]. * `DEVICE_START_CRD_SESSION`: Payload is optionally a stringified JSON object in the form: { \"ackedUserPresence\": true, \"crdSessionType\": string }. `ackedUserPresence` is a boolean. By default, `ackedUserPresence` is set to `false`. To start a Chrome Remote Desktop session for an active device, set `ackedUserPresence` to `true`. `crdSessionType` can only select from values `private` (which grants the remote admin exclusive control of the ChromeOS device) or `shared` (which allows the admin and the local user to share control of the ChromeOS device). If not set, `crdSessionType` defaults to `shared`. * `REBOOT`: Payload is a stringified JSON object in the form: { \"user_session_delay_seconds\": 300 }. The `user_session_delay_seconds` is the amount of seconds to wait before rebooting the device if a user is logged in. It has to be an integer in the range [0,300]. When payload is not present for reboot, 0 delay is the default. Note: This only applies if an actual user is logged in, including a Guest. If the device is in the login screen or in Kiosk mode the value is not respected and the device immediately reboots. * `FETCH_SUPPORT_PACKET`: Payload is optionally a stringified JSON object in the form: {\"supportPacketDetails\":{ \"issueCaseId\": optional_support_case_id_string, \"issueDescription\": optional_issue_description_string, \"requestedDataCollectors\": []}} The list of available `data_collector_enums` are as following: Chrome System Information (1), Crash IDs (2), Memory Details (3), UI Hierarchy (4), Additional ChromeOS Platform Logs (5), Device Event (6), Intel WiFi NICs Debug Dump (7), Touch Events (8), Lacros (9), Lacros System Information (10), ChromeOS Flex Logs (11), DBus Details (12), ChromeOS Network Routes (13), ChromeOS Shill (Connection Manager) Logs (14), Policies (15), ChromeOS System State and Logs (16), ChromeOS System Logs (17), ChromeOS Chrome User Logs (18), ChromeOS Bluetooth (19), ChromeOS Connected Input Devices (20), ChromeOS Traffic Counters (21), ChromeOS Virtual Keyboard (22), ChromeOS Network Health (23). See more details in [help article](https://support.google.com/chrome/a?p=remote-log).",
           "type": "string"
         }
       },