googleapis · chingor13 · Dec 4, 2019 · Dec 4, 2019
diff --git a/clients/google-api-services-servicebroker/v1.metadata.json b/clients/google-api-services-servicebroker/v1.metadata.json
@@ -2,6 +2,6 @@
   "maven": {
     "groupId": "com.google.apis",
     "artifactId": "google-api-services-servicebroker",
-    "version": "v1-rev20191112-1.30.3"
+    "version": "v1-rev20191202-1.30.3"
   }
 }
diff --git a/...cebroker/v1/1.28.0/com/google/api/services/servicebroker/v1/model/GoogleIamV1Binding.java b/...cebroker/v1/1.28.0/com/google/api/services/servicebroker/v1/model/GoogleIamV1Binding.java
@@ -57,6 +57,22 @@ public final class GoogleIamV1Binding extends com.google.api.client.json.Generic
    * * `group:{emailid}`: An email address that represents a Google group.    For example,
    * `admins@example.com`.
    *
+   * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a user that has been recently deleted. For    example,
+   * `alice@example.com?uid=123456789012345678901`. If the user is    recovered, this value reverts
+   * to `user:{emailid}` and the recovered user    retains the role in the binding.
+   *
+   * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus    unique
+   * identifier) representing a service account that has been recently    deleted. For example,
+   * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.    If the service account
+   * is undeleted, this value reverts to    `serviceAccount:{emailid}` and the undeleted service
+   * account retains the    role in the binding.
+   *
+   * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a Google group that has been recently    deleted. For example,
+   * `admins@example.com?uid=123456789012345678901`. If    the group is recovered, this value
+   * reverts to `group:{emailid}` and the    recovered group retains the role in the binding.
+   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the    users of that
    * domain. For example, `google.com` or `example.com`.
    * The value may be {@code null}.
@@ -112,6 +128,22 @@ public GoogleIamV1Binding setCondition(GoogleTypeExpr condition) {
    * * `group:{emailid}`: An email address that represents a Google group.    For example,
    * `admins@example.com`.
    *
+   * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a user that has been recently deleted. For    example,
+   * `alice@example.com?uid=123456789012345678901`. If the user is    recovered, this value reverts
+   * to `user:{emailid}` and the recovered user    retains the role in the binding.
+   *
+   * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus    unique
+   * identifier) representing a service account that has been recently    deleted. For example,
+   * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.    If the service account
+   * is undeleted, this value reverts to    `serviceAccount:{emailid}` and the undeleted service
+   * account retains the    role in the binding.
+   *
+   * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a Google group that has been recently    deleted. For example,
+   * `admins@example.com?uid=123456789012345678901`. If    the group is recovered, this value
+   * reverts to `group:{emailid}` and the    recovered group retains the role in the binding.
+   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the    users of that
    * domain. For example, `google.com` or `example.com`.
    * @return value or {@code null} for none
@@ -139,6 +171,22 @@ public java.util.List<java.lang.String> getMembers() {
    * * `group:{emailid}`: An email address that represents a Google group.    For example,
    * `admins@example.com`.
    *
+   * * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a user that has been recently deleted. For    example,
+   * `alice@example.com?uid=123456789012345678901`. If the user is    recovered, this value reverts
+   * to `user:{emailid}` and the recovered user    retains the role in the binding.
+   *
+   * * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus    unique
+   * identifier) representing a service account that has been recently    deleted. For example,
+   * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.    If the service account
+   * is undeleted, this value reverts to    `serviceAccount:{emailid}` and the undeleted service
+   * account retains the    role in the binding.
+   *
+   * * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique    identifier)
+   * representing a Google group that has been recently    deleted. For example,
+   * `admins@example.com?uid=123456789012345678901`. If    the group is recovered, this value
+   * reverts to `group:{emailid}` and the    recovered group retains the role in the binding.
+   *
    * * `domain:{domain}`: The G Suite domain (primary) that represents all the    users of that
    * domain. For example, `google.com` or `example.com`.
    * @param members members or {@code null} for none

diff --git a/...icebroker/v1/1.28.0/com/google/api/services/servicebroker/v1/model/GoogleIamV1Policy.java b/...icebroker/v1/1.28.0/com/google/api/services/servicebroker/v1/model/GoogleIamV1Policy.java
@@ -17,37 +17,40 @@
 package com.google.api.services.servicebroker.v1.model;
 
 /**
- * Defines an Identity and Access Management (IAM) policy. It is used to specify access control
- * policies for Cloud Platform resources.
+ * An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud
+ * resources.
  *
  * A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single
  * `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G
- * Suite). A `role` is a named list of permissions (defined by IAM or configured by users). A
- * `binding` can optionally specify a `condition`, which is a logic expression that further
- * constrains the role binding based on attributes about the request and/or target resource.
+ * Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a
+ * user-created custom role.
  *
- * **JSON Example**
+ * Optionally, a `binding` can specify a `condition`, which is a logical expression that allows
+ * access to a resource only if the expression evaluates to `true`. A condition can add constraints
+ * based on attributes of the request, the resource, or both.
+ *
+ * **JSON example:**
  *
  *     {       "bindings": [         {           "role": "roles/resourcemanager.organizationAdmin",
  * "members": [             "user:mike@example.com",             "group:admins@example.com",
  * "domain:google.com",             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
  * ]         },         {           "role": "roles/resourcemanager.organizationViewer",
  * "members": ["user:eve@example.com"],           "condition": {             "title": "expirable
  * access",             "description": "Does not grant access after Sep 2020",
- * "expression": "request.time <             timestamp('2020-10-01T00:00:00.000Z')",           }
- * }       ]     }
+ * "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')",           }         }
+ * ],       "etag": "BwWWja0YfJA=",       "version": 3     }
  *
- * **YAML Example**
+ * **YAML example:**
  *
  *     bindings:     - members:       - user:mike@example.com       - group:admins@example.com
  * - domain:google.com       - serviceAccount:my-project-id@appspot.gserviceaccount.com       role:
  * roles/resourcemanager.organizationAdmin     - members:       - user:eve@example.com       role:
  * roles/resourcemanager.organizationViewer       condition:         title: expirable access
  * description: Does not grant access after Sep 2020         expression: request.time <
- * timestamp('2020-10-01T00:00:00.000Z')
+ * timestamp('2020-10-01T00:00:00.000Z')     - etag: BwWWja0YfJA=     - version: 3
  *
- * For a description of IAM and its features, see the [IAM developer's
- * guide](https://cloud.google.com/iam/docs).
+ * For a description of IAM and its features, see the [IAM
+ * documentation](https://cloud.google.com/iam/docs/).
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
  * transmitted over HTTP when working with the Service Broker API. For a detailed explanation see:
@@ -60,8 +63,9 @@
 public final class GoogleIamV1Policy extends com.google.api.client.json.GenericJson {
 
   /**
-   * Associates a list of `members` to a `role`. Optionally may specify a `condition` that
-   * determines when binding is in effect. `bindings` with no members will result in an error.
+   * Associates a list of `members` to a `role`. Optionally, may specify a `condition` that
+   * determines how and when the `bindings` are applied. Each of the `bindings` must contain at
+   * least one member.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -81,10 +85,9 @@ public final class GoogleIamV1Policy extends com.google.api.client.json.GenericJ
    * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
    * to the same version of the policy.
    *
-   * If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is
-   * overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail
-   * even if the incoming policy version does not meet the requirements for modifying the stored
-   * policy.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -93,32 +96,40 @@ public final class GoogleIamV1Policy extends com.google.api.client.json.GenericJ
   /**
    * Specifies the format of the policy.
    *
-   * Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.
+   * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.
+   *
+   * Any operation that affects conditional role bindings must specify version `3`. This requirement
+   * applies to the following operations:
    *
-   * Operations affecting conditional bindings must specify version 3. This can be either setting a
-   * conditional policy, modifying a conditional binding, or removing a binding (conditional or
-   * unconditional) from the stored conditional policy. Operations on non-conditional policies may
-   * specify any valid value or leave the field unset.
+   * * Getting a policy that includes a conditional role binding * Adding a conditional role binding
+   * to a policy * Changing a conditional role binding in a policy * Removing any role binding, with
+   * or without a condition, from a policy   that includes conditions
    *
-   * If no etag is provided in the call to `setIamPolicy`, version compliance checks against the
-   * stored policy is skipped.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+   *
+   * If a policy does not include any conditions, operations on that policy may specify any valid
+   * version or leave the field unset.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.lang.Integer version;
 
   /**
-   * Associates a list of `members` to a `role`. Optionally may specify a `condition` that
-   * determines when binding is in effect. `bindings` with no members will result in an error.
+   * Associates a list of `members` to a `role`. Optionally, may specify a `condition` that
+   * determines how and when the `bindings` are applied. Each of the `bindings` must contain at
+   * least one member.
    * @return value or {@code null} for none
    */
   public java.util.List<GoogleIamV1Binding> getBindings() {
     return bindings;
   }
 
   /**
-   * Associates a list of `members` to a `role`. Optionally may specify a `condition` that
-   * determines when binding is in effect. `bindings` with no members will result in an error.
+   * Associates a list of `members` to a `role`. Optionally, may specify a `condition` that
+   * determines how and when the `bindings` are applied. Each of the `bindings` must contain at
+   * least one member.
    * @param bindings bindings or {@code null} for none
    */
   public GoogleIamV1Policy setBindings(java.util.List<GoogleIamV1Binding> bindings) {
@@ -134,10 +145,9 @@ public GoogleIamV1Policy setBindings(java.util.List<GoogleIamV1Binding> bindings
    * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
    * to the same version of the policy.
    *
-   * If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is
-   * overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail
-   * even if the incoming policy version does not meet the requirements for modifying the stored
-   * policy.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    * @see #decodeEtag()
    * @return value or {@code null} for none
    */
@@ -153,10 +163,9 @@ public java.lang.String getEtag() {
    * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
    * to the same version of the policy.
    *
-   * If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is
-   * overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail
-   * even if the incoming policy version does not meet the requirements for modifying the stored
-   * policy.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    * @see #getEtag()
    * @return Base64 decoded value or {@code null} for none
    *
@@ -174,10 +183,9 @@ public byte[] decodeEtag() {
    * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
    * to the same version of the policy.
    *
-   * If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is
-   * overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail
-   * even if the incoming policy version does not meet the requirements for modifying the stored
-   * policy.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    * @see #encodeEtag()
    * @param etag etag or {@code null} for none
    */
@@ -194,10 +202,9 @@ public GoogleIamV1Policy setEtag(java.lang.String etag) {
    * to put that etag in the request to `setIamPolicy` to ensure that their change will be applied
    * to the same version of the policy.
    *
-   * If no `etag` is provided in the call to `setIamPolicy`, then the existing policy is
-   * overwritten. Due to blind-set semantics of an etag-less policy, 'setIamPolicy' will not fail
-   * even if the incoming policy version does not meet the requirements for modifying the stored
-   * policy.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    * @see #setEtag()
    *
    * <p>
@@ -214,15 +221,21 @@ public GoogleIamV1Policy encodeEtag(byte[] etag) {
   /**
    * Specifies the format of the policy.
    *
-   * Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.
+   * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.
+   *
+   * Any operation that affects conditional role bindings must specify version `3`. This requirement
+   * applies to the following operations:
    *
-   * Operations affecting conditional bindings must specify version 3. This can be either setting a
-   * conditional policy, modifying a conditional binding, or removing a binding (conditional or
-   * unconditional) from the stored conditional policy. Operations on non-conditional policies may
-   * specify any valid value or leave the field unset.
+   * * Getting a policy that includes a conditional role binding * Adding a conditional role binding
+   * to a policy * Changing a conditional role binding in a policy * Removing any role binding, with
+   * or without a condition, from a policy   that includes conditions
    *
-   * If no etag is provided in the call to `setIamPolicy`, version compliance checks against the
-   * stored policy is skipped.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
+   *
+   * If a policy does not include any conditions, operations on that policy may specify any valid
+   * version or leave the field unset.
    * @return value or {@code null} for none
    */
   public java.lang.Integer getVersion() {
@@ -232,15 +245,21 @@ public java.lang.Integer getVersion() {
   /**
    * Specifies the format of the policy.
    *
-   * Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.
+   * Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected.
+   *
+   * Any operation that affects conditional role bindings must specify version `3`. This requirement
+   * applies to the following operations:
+   *
+   * * Getting a policy that includes a conditional role binding * Adding a conditional role binding
+   * to a policy * Changing a conditional role binding in a policy * Removing any role binding, with
+   * or without a condition, from a policy   that includes conditions
    *
-   * Operations affecting conditional bindings must specify version 3. This can be either setting a
-   * conditional policy, modifying a conditional binding, or removing a binding (conditional or
-   * unconditional) from the stored conditional policy. Operations on non-conditional policies may
-   * specify any valid value or leave the field unset.
+   * **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call
+   * `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy
+   * with a version `1` policy, and all of the conditions in the version `3` policy are lost.
    *
-   * If no etag is provided in the call to `setIamPolicy`, version compliance checks against the
-   * stored policy is skipped.
+   * If a policy does not include any conditions, operations on that policy may specify any valid
+   * version or leave the field unset.
    * @param version version or {@code null} for none
    */
   public GoogleIamV1Policy setVersion(java.lang.Integer version) {

diff --git a/clients/google-api-services-servicebroker/v1/1.28.0/pom.xml b/clients/google-api-services-servicebroker/v1/1.28.0/pom.xml
@@ -8,8 +8,8 @@
 
   <groupId>com.google.apis</groupId>
   <artifactId>google-api-services-servicebroker</artifactId>
-  <version>v1-rev20191112-1.28.0</version>
-  <name>Service Broker API v1-rev20191112-1.28.0</name>
+  <version>v1-rev20191202-1.28.0</version>
+  <name>Service Broker API v1-rev20191202-1.28.0</name>
   <packaging>jar</packaging>
 
   <inceptionYear>2011</inceptionYear>