diff --git a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/CertificateAuthorityServiceClient.g.cs b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/CertificateAuthorityServiceClient.g.cs
index 0d48e31f8a0c..ebbe9fa2f9b8 100644
--- a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/CertificateAuthorityServiceClient.g.cs
+++ b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/CertificateAuthorityServiceClient.g.cs
@@ -1065,8 +1065,9 @@ private CertificateAuthorityServiceClient BuildImpl()
 
     /// <summary>CertificateAuthorityService client wrapper, for convenient use.</summary>
     /// <remarks>
-    /// [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
-    /// certificate authorities and issued certificates.
+    /// [Certificate Authority
+    /// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+    /// manages private certificate authorities and issued certificates.
     /// </remarks>
     public abstract partial class CertificateAuthorityServiceClient
     {
@@ -1158,7 +1159,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         public virtual gciv::IAMPolicyClient IAMPolicyClient => throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1168,7 +1170,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1178,7 +1181,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1188,21 +1192,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1215,21 +1224,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1242,21 +1256,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1264,21 +1283,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateAsync(parent, certificate, certificateId, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1291,21 +1315,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1318,21 +1347,26 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-        /// in the format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificate">
-        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+        /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateId">
         /// Optional. It must be unique within a location and match the regular
         /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-        /// but is optional and its value is ignored otherwise.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+        /// value is ignored otherwise.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1370,7 +1404,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1384,7 +1420,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1398,7 +1436,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1409,7 +1449,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1423,7 +1465,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1437,7 +1481,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+        /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+        /// get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1467,8 +1513,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -1493,8 +1539,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -1519,8 +1565,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -1545,8 +1591,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+        /// format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -1597,8 +1643,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1613,8 +1659,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1629,8 +1675,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -1642,8 +1688,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1658,8 +1704,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1674,8 +1720,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-        /// format
+        /// Required. The resource name for this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
         /// `projects/*/locations/*/caPools/*/certificates/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -1684,7 +1730,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             RevokeCertificateAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1694,7 +1741,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1704,7 +1752,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -1714,11 +1763,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             UpdateCertificateAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="certificate">
-        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -1733,11 +1784,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="certificate">
-        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -1752,11 +1805,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="certificate">
-        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+        /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -1767,12 +1822,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             UpdateCertificateAsync(certificate, updateMask, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1781,12 +1840,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1795,12 +1858,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -1836,16 +1903,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), ActivateCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1856,16 +1928,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1876,16 +1953,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1893,16 +1975,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             ActivateCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -1913,16 +2000,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1933,16 +2025,21 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -1950,7 +2047,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             ActivateCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1959,7 +2058,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -1968,7 +2069,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2004,15 +2107,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), CreateCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2029,15 +2137,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2054,15 +2167,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2074,15 +2192,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2099,15 +2222,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2124,15 +2252,20 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="certificateAuthority">
-        /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+        /// Required. A
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateAuthorityId">
         /// Required. It must be unique within a location and match the regular
@@ -2144,7 +2277,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2153,7 +2287,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2162,7 +2297,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2198,11 +2334,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), DisableCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2213,11 +2351,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2228,11 +2368,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2240,11 +2382,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DisableCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2255,11 +2399,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2270,11 +2416,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2282,7 +2430,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DisableCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2291,7 +2440,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2300,7 +2450,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2336,11 +2487,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), EnableCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2351,11 +2504,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2366,11 +2521,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2378,11 +2535,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             EnableCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2393,11 +2552,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2408,11 +2569,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2420,13 +2583,17 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             EnableCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2435,13 +2602,17 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2450,13 +2621,17 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2465,17 +2640,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCertificateAuthorityCsrAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2486,17 +2666,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2507,17 +2692,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2525,17 +2715,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCertificateAuthorityCsrAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2546,17 +2741,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2567,17 +2767,22 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2585,7 +2790,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCertificateAuthorityCsrAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2594,7 +2800,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2603,7 +2810,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2612,11 +2820,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateAuthorityAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2627,11 +2838,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2642,11 +2856,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2654,11 +2871,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2669,11 +2889,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2684,11 +2907,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2696,7 +2922,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2705,7 +2932,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2714,12 +2942,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -2740,12 +2970,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -2766,12 +2998,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -2792,12 +3026,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="parent">
-        /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-        /// `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+        /// in the format `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -2818,7 +3054,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2827,7 +3065,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2836,7 +3076,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -2872,11 +3114,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), UndeleteCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2887,11 +3132,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2902,11 +3150,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2914,11 +3165,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             UndeleteCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -2929,11 +3183,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2944,11 +3201,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -2956,7 +3216,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             UndeleteCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2965,7 +3226,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -2974,7 +3236,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -3010,11 +3273,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), DeleteCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3025,11 +3290,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3040,11 +3307,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3052,11 +3321,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DeleteCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3067,11 +3338,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3082,11 +3355,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-        /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// Required. The resource name for this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3094,7 +3369,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DeleteCertificateAuthorityAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -3103,7 +3379,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -3112,7 +3389,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -3148,10 +3426,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateAuthority, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), UpdateCertificateAuthorityOperationsClient, callSettings);
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="certificateAuthority">
-        /// Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+        /// Required.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3166,10 +3447,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="certificateAuthority">
-        /// Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+        /// Required.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3184,10 +3468,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="certificateAuthority">
-        /// Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+        /// Required.
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3255,10 +3542,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3279,10 +3568,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3303,10 +3594,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3322,10 +3615,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3346,10 +3641,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3370,10 +3667,12 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+        /// `projects/*/locations/*`.
         /// </param>
         /// <param name="caPool">
-        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+        /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+        /// initial field values.
         /// </param>
         /// <param name="caPoolId">
         /// Required. It must be unique within a location and match the regular
@@ -3441,7 +3740,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+        /// values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3459,7 +3759,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+        /// values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3477,7 +3778,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+        /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+        /// values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -3518,7 +3820,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3532,7 +3835,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3546,7 +3850,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3557,7 +3862,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3571,7 +3877,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3585,7 +3892,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+        /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3771,8 +4079,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3786,8 +4095,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3801,8 +4111,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3813,8 +4124,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3828,8 +4140,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3843,8 +4156,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
         /// Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3852,8 +4166,10 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DeleteCaPoolAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -3863,8 +4179,10 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -3874,8 +4192,10 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -3885,13 +4205,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCaCertsAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3902,13 +4225,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3919,13 +4245,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3933,13 +4262,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCaCertsAsync(caPool, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -3950,13 +4282,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3967,13 +4302,16 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="caPool">
-        /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-        /// format `projects/*/locations/*/caPools/*`.
+        /// Required. The resource name for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+        /// `projects/*/locations/*/caPools/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -3981,7 +4319,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             FetchCaCertsAsync(caPool, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -3990,7 +4329,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -3999,7 +4339,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4008,11 +4349,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateRevocationListAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4023,11 +4368,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4038,11 +4387,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4050,11 +4403,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateRevocationListAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4065,11 +4422,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4080,11 +4441,15 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+        /// of the
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4092,7 +4457,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateRevocationListAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4101,7 +4467,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4110,12 +4477,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-        /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4136,12 +4504,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-        /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4162,12 +4531,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-        /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4188,12 +4558,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-        /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+        /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4214,7 +4585,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4223,7 +4595,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4232,7 +4605,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4268,10 +4642,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateRevocationList, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), UpdateCertificateRevocationListOperationsClient, callSettings);
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="certificateRevocationList">
-        /// Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+        /// Required.
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4286,10 +4663,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="certificateRevocationList">
-        /// Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+        /// Required.
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4304,10 +4684,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="certificateRevocationList">
-        /// Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+        /// Required.
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4318,7 +4701,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             UpdateCertificateRevocationListAsync(certificateRevocationList, updateMask, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4327,7 +4712,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4336,7 +4723,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4372,15 +4761,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateTemplate, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), CreateCertificateTemplateOperationsClient, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4397,15 +4790,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4422,15 +4819,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4442,15 +4843,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4467,15 +4872,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4492,15 +4901,19 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="certificateTemplate">
-        /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+        /// Required. A
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with initial field values.
         /// </param>
         /// <param name="certificateTemplateId">
         /// Required. It must be unique within a location and match the regular
@@ -4512,7 +4925,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             CreateCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4521,7 +4935,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4530,7 +4945,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4566,11 +4982,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<wkt::Empty, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), DeleteCertificateTemplateOperationsClient, callSettings);
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4581,11 +4999,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4596,11 +5016,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4608,11 +5030,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DeleteCertificateTemplateAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4623,11 +5047,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4638,11 +5064,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-        /// `projects/*/locations/*/certificateTemplates/*`.
+        /// Required. The resource name for this
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in the format `projects/*/locations/*/certificateTemplates/*`.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4650,7 +5078,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             DeleteCertificateTemplateAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4659,7 +5088,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4668,7 +5098,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4677,11 +5108,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateTemplateAsync(request, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4692,11 +5126,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4707,11 +5144,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4719,11 +5159,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateTemplateAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>The RPC response.</returns>
@@ -4734,11 +5177,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4749,11 +5195,14 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="name">
-        /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-        /// get.
+        /// Required. The
+        /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// to get.
         /// </param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
         /// <returns>A Task containing the RPC response.</returns>
@@ -4761,7 +5210,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             GetCertificateTemplateAsync(name, gaxgrpc::CallSettings.FromCancellationToken(cancellationToken));
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4770,7 +5220,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4779,12 +5230,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4805,12 +5257,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4831,12 +5284,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4857,12 +5311,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="parent">
         /// Required. The resource name of the location associated with the
-        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-        /// `projects/*/locations/*`.
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+        /// in the format `projects/*/locations/*`.
         /// </param>
         /// <param name="pageToken">
         /// The token returned from the previous request. A value of <c>null</c> or an empty string retrieves the first
@@ -4883,7 +5338,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4892,7 +5348,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -4901,7 +5358,8 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             throw new sys::NotImplementedException();
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="cancellationToken">A <see cref="st::CancellationToken"/> to use for this RPC.</param>
@@ -4937,10 +5395,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             lro::Operation<CertificateTemplate, OperationMetadata>.PollOnceFromNameAsync(gax::GaxPreconditions.CheckNotNullOrEmpty(operationName, nameof(operationName)), UpdateCertificateTemplateOperationsClient, callSettings);
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="certificateTemplate">
-        /// Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+        /// Required.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4955,10 +5416,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="certificateTemplate">
-        /// Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+        /// Required.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4973,10 +5437,13 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
             }, callSettings);
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="certificateTemplate">
-        /// Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+        /// Required.
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with updated values.
         /// </param>
         /// <param name="updateMask">
         /// Required. A list of fields to be updated in this request.
@@ -4989,8 +5456,9 @@ internal static CertificateAuthorityServiceClient Create(grpccore::CallInvoker c
 
     /// <summary>CertificateAuthorityService client wrapper implementation, for convenient use.</summary>
     /// <remarks>
-    /// [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
-    /// certificate authorities and issued certificates.
+    /// [Certificate Authority
+    /// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+    /// manages private certificate authorities and issued certificates.
     /// </remarks>
     public sealed partial class CertificateAuthorityServiceClientImpl : CertificateAuthorityServiceClient
     {
@@ -5302,7 +5770,8 @@ public CertificateAuthorityServiceClientImpl(CertificateAuthorityService.Certifi
         partial void Modify_UpdateCertificateTemplateRequest(ref UpdateCertificateTemplateRequest request, ref gaxgrpc::CallSettings settings);
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5315,7 +5784,8 @@ public override Certificate CreateCertificate(CreateCertificateRequest request,
         }
 
         /// <summary>
-        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+        /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+        /// in a given Project, Location from a particular
         /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5400,7 +5870,8 @@ public override Certificate RevokeCertificate(RevokeCertificateRequest request,
         }
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5413,7 +5884,8 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+        /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// Currently, the only field you can update is the
         /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5429,12 +5901,16 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         public override lro::OperationsClient ActivateCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5446,12 +5922,16 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+        /// Activate a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-        /// the parent Certificate Authority signs a certificate signing request from
-        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-        /// process.
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// After the parent Certificate Authority signs a certificate signing request
+        /// from
+        /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+        /// this method can complete the activation process.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5466,7 +5946,9 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         public override lro::OperationsClient CreateCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5478,7 +5960,9 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+        /// Create a new
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5493,7 +5977,8 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         public override lro::OperationsClient DisableCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5505,7 +5990,8 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Disable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5520,7 +6006,8 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         public override lro::OperationsClient EnableCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5532,7 +6019,8 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Enable a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5544,13 +6032,17 @@ public override Certificate UpdateCertificate(UpdateCertificateRequest request,
         }
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5562,13 +6054,17 @@ public override FetchCertificateAuthorityCsrResponse FetchCertificateAuthorityCs
         }
 
         /// <summary>
-        /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Fetch a certificate signing request (CSR) from a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// that is in state
         /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-        /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-        /// CSR must then be signed by the desired parent Certificate Authority, which
-        /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-        /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+        /// and is of type
+        /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+        /// The CSR must then be signed by the desired parent Certificate Authority,
+        /// which could be another
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// resource, or could be an on-prem certificate authority. See also
+        /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5580,7 +6076,8 @@ public override FetchCertificateAuthorityCsrResponse FetchCertificateAuthorityCs
         }
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5592,7 +6089,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Returns a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5604,7 +6102,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5616,7 +6115,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Lists
+        /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5631,7 +6131,9 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         public override lro::OperationsClient UndeleteCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5643,7 +6145,9 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+        /// Undelete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// that has been deleted.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5658,7 +6162,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         public override lro::OperationsClient DeleteCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5670,7 +6175,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Delete a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5685,7 +6191,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         public override lro::OperationsClient UpdateCertificateAuthorityOperationsClient { get; }
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5697,7 +6204,8 @@ public override CertificateAuthority GetCertificateAuthority(GetCertificateAutho
         }
 
         /// <summary>
-        /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+        /// Update a
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5838,8 +6346,10 @@ public override CaPool GetCaPool(GetCaPoolRequest request, gaxgrpc::CallSettings
         }
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5852,8 +6362,10 @@ public override FetchCaCertsResponse FetchCaCerts(FetchCaCertsRequest request, g
         }
 
         /// <summary>
-        /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-        /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// FetchCaCerts returns the current trust anchor for the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+        /// certificate chains for all ACTIVE
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
@@ -5866,7 +6378,8 @@ public override FetchCaCertsResponse FetchCaCerts(FetchCaCertsRequest request, g
         }
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5878,7 +6391,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Returns a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5890,7 +6404,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5902,7 +6417,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Lists
+        /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5917,7 +6433,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         public override lro::OperationsClient UpdateCertificateRevocationListOperationsClient { get; }
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5929,7 +6446,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+        /// Update a
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5944,7 +6462,9 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         public override lro::OperationsClient CreateCertificateTemplateOperationsClient { get; }
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5956,7 +6476,9 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+        /// Create a new
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// in a given Project and Location.
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5971,7 +6493,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         public override lro::OperationsClient DeleteCertificateTemplateOperationsClient { get; }
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5983,7 +6506,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// DeleteCertificateTemplate deletes a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -5995,7 +6519,8 @@ public override CertificateRevocationList GetCertificateRevocationList(GetCertif
         }
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -6007,7 +6532,8 @@ public override CertificateTemplate GetCertificateTemplate(GetCertificateTemplat
         }
 
         /// <summary>
-        /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Returns a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -6019,7 +6545,8 @@ public override CertificateTemplate GetCertificateTemplate(GetCertificateTemplat
         }
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -6031,7 +6558,8 @@ public override CertificateTemplate GetCertificateTemplate(GetCertificateTemplat
         }
 
         /// <summary>
-        /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Lists
+        /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -6046,7 +6574,8 @@ public override CertificateTemplate GetCertificateTemplate(GetCertificateTemplat
         public override lro::OperationsClient UpdateCertificateTemplateOperationsClient { get; }
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
@@ -6058,7 +6587,8 @@ public override CertificateTemplate GetCertificateTemplate(GetCertificateTemplat
         }
 
         /// <summary>
-        /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+        /// Update a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
         /// </summary>
         /// <param name="request">The request object containing all of the parameters for the API call.</param>
         /// <param name="callSettings">If not null, applies overrides to this RPC call.</param>
diff --git a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Resources.g.cs b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Resources.g.cs
index 3e426f8b0e78..b1aa65543566 100644
--- a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Resources.g.cs
+++ b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Resources.g.cs
@@ -187,117 +187,126 @@ public static partial class ResourcesReflection {
             "GAEgASgJEg0KBXZhbHVlGAIgASgJOgI4ATqHAepBgwEKLHByaXZhdGVjYS5n",
             "b29nbGVhcGlzLmNvbS9DZXJ0aWZpY2F0ZVRlbXBsYXRlElNwcm9qZWN0cy97",
             "cHJvamVjdH0vbG9jYXRpb25zL3tsb2NhdGlvbn0vY2VydGlmaWNhdGVUZW1w",
-            "bGF0ZXMve2NlcnRpZmljYXRlX3RlbXBsYXRlfSLfAwoOWDUwOVBhcmFtZXRl",
+            "bGF0ZXMve2NlcnRpZmljYXRlX3RlbXBsYXRlfSLOBgoOWDUwOVBhcmFtZXRl",
             "cnMSRAoJa2V5X3VzYWdlGAEgASgLMiwuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5",
             "LnByaXZhdGVjYS52MS5LZXlVc2FnZUID4EEBElUKCmNhX29wdGlvbnMYAiAB",
             "KAsyPC5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLlg1MDlQ",
             "YXJhbWV0ZXJzLkNhT3B0aW9uc0ID4EEBEkUKCnBvbGljeV9pZHMYAyADKAsy",
             "LC5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLk9iamVjdElk",
-            "QgPgQQESHQoQYWlhX29jc3Bfc2VydmVycxgEIAMoCUID4EEBElUKFWFkZGl0",
-            "aW9uYWxfZXh0ZW5zaW9ucxgFIAMoCzIxLmdvb2dsZS5jbG91ZC5zZWN1cml0",
-            "eS5wcml2YXRlY2EudjEuWDUwOUV4dGVuc2lvbkID4EEBGnMKCUNhT3B0aW9u",
-            "cxIXCgVpc19jYRgBIAEoCEID4EEBSACIAQESKAoWbWF4X2lzc3Vlcl9wYXRo",
-            "X2xlbmd0aBgCIAEoBUID4EEBSAGIAQFCCAoGX2lzX2NhQhkKF19tYXhfaXNz",
-            "dWVyX3BhdGhfbGVuZ3RoIqkCChFTdWJvcmRpbmF0ZUNvbmZpZxJWChVjZXJ0",
-            "aWZpY2F0ZV9hdXRob3JpdHkYASABKAlCNeBBAvpBLwotcHJpdmF0ZWNhLmdv",
-            "b2dsZWFwaXMuY29tL0NlcnRpZmljYXRlQXV0aG9yaXR5SAASbQoQcGVtX2lz",
-            "c3Vlcl9jaGFpbhgCIAEoCzJMLmdvb2dsZS5jbG91ZC5zZWN1cml0eS5wcml2",
-            "YXRlY2EudjEuU3Vib3JkaW5hdGVDb25maWcuU3Vib3JkaW5hdGVDb25maWdD",
-            "aGFpbkID4EECSAAaNwoWU3Vib3JkaW5hdGVDb25maWdDaGFpbhIdChBwZW1f",
-            "Y2VydGlmaWNhdGVzGAEgAygJQgPgQQJCFAoSc3Vib3JkaW5hdGVfY29uZmln",
-            "Ip0BCglQdWJsaWNLZXkSEAoDa2V5GAEgASgMQgPgQQISTAoGZm9ybWF0GAIg",
-            "ASgOMjcuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5QdWJs",
-            "aWNLZXkuS2V5Rm9ybWF0QgPgQQIiMAoJS2V5Rm9ybWF0EhoKFktFWV9GT1JN",
-            "QVRfVU5TUEVDSUZJRUQQABIHCgNQRU0QASK0AwoRQ2VydGlmaWNhdGVDb25m",
-            "aWcSYAoOc3ViamVjdF9jb25maWcYASABKAsyQy5nb29nbGUuY2xvdWQuc2Vj",
-            "dXJpdHkucHJpdmF0ZWNhLnYxLkNlcnRpZmljYXRlQ29uZmlnLlN1YmplY3RD",
-            "b25maWdCA+BBAhJMCgt4NTA5X2NvbmZpZxgCIAEoCzIyLmdvb2dsZS5jbG91",
-            "ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuWDUwOVBhcmFtZXRlcnNCA+BBAhJG",
-            "CgpwdWJsaWNfa2V5GAMgASgLMi0uZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnBy",
-            "aXZhdGVjYS52MS5QdWJsaWNLZXlCA+BBARqmAQoNU3ViamVjdENvbmZpZxJB",
-            "CgdzdWJqZWN0GAEgASgLMisuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnByaXZh",
-            "dGVjYS52MS5TdWJqZWN0QgPgQQISUgoQc3ViamVjdF9hbHRfbmFtZRgCIAEo",
-            "CzIzLmdvb2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuU3ViamVj",
-            "dEFsdE5hbWVzQgPgQQEioQgKFkNlcnRpZmljYXRlRGVzY3JpcHRpb24SagoT",
-            "c3ViamVjdF9kZXNjcmlwdGlvbhgBIAEoCzJNLmdvb2dsZS5jbG91ZC5zZWN1",
-            "cml0eS5wcml2YXRlY2EudjEuQ2VydGlmaWNhdGVEZXNjcmlwdGlvbi5TdWJq",
-            "ZWN0RGVzY3JpcHRpb24STAoQeDUwOV9kZXNjcmlwdGlvbhgCIAEoCzIyLmdv",
-            "b2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuWDUwOVBhcmFtZXRl",
-            "cnMSQQoKcHVibGljX2tleRgDIAEoCzItLmdvb2dsZS5jbG91ZC5zZWN1cml0",
-            "eS5wcml2YXRlY2EudjEuUHVibGljS2V5ElgKDnN1YmplY3Rfa2V5X2lkGAQg",
-            "ASgLMkAuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5DZXJ0",
-            "aWZpY2F0ZURlc2NyaXB0aW9uLktleUlkEloKEGF1dGhvcml0eV9rZXlfaWQY",
-            "BSABKAsyQC5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLkNl",
-            "cnRpZmljYXRlRGVzY3JpcHRpb24uS2V5SWQSHwoXY3JsX2Rpc3RyaWJ1dGlv",
-            "bl9wb2ludHMYBiADKAkSJAocYWlhX2lzc3VpbmdfY2VydGlmaWNhdGVfdXJs",
-            "cxgHIAMoCRJrChBjZXJ0X2ZpbmdlcnByaW50GAggASgLMlEuZ29vZ2xlLmNs",
-            "b3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5DZXJ0aWZpY2F0ZURlc2NyaXB0",
-            "aW9uLkNlcnRpZmljYXRlRmluZ2VycHJpbnQa0gIKElN1YmplY3REZXNjcmlw",
-            "dGlvbhI8CgdzdWJqZWN0GAEgASgLMisuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5",
-            "LnByaXZhdGVjYS52MS5TdWJqZWN0Ek0KEHN1YmplY3RfYWx0X25hbWUYAiAB",
-            "KAsyMy5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLlN1Ympl",
-            "Y3RBbHROYW1lcxIZChFoZXhfc2VyaWFsX251bWJlchgDIAEoCRIrCghsaWZl",
-            "dGltZRgEIAEoCzIZLmdvb2dsZS5wcm90b2J1Zi5EdXJhdGlvbhIzCg9ub3Rf",
-            "YmVmb3JlX3RpbWUYBSABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1w",
-            "EjIKDm5vdF9hZnRlcl90aW1lGAYgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRp",
-            "bWVzdGFtcBocCgVLZXlJZBITCgZrZXlfaWQYASABKAlCA+BBARotChZDZXJ0",
-            "aWZpY2F0ZUZpbmdlcnByaW50EhMKC3NoYTI1Nl9oYXNoGAEgASgJIicKCE9i",
-            "amVjdElkEhsKDm9iamVjdF9pZF9wYXRoGAEgAygFQgPgQQIigAEKDVg1MDlF",
-            "eHRlbnNpb24SRAoJb2JqZWN0X2lkGAEgASgLMiwuZ29vZ2xlLmNsb3VkLnNl",
-            "Y3VyaXR5LnByaXZhdGVjYS52MS5PYmplY3RJZEID4EECEhUKCGNyaXRpY2Fs",
-            "GAIgASgIQgPgQQESEgoFdmFsdWUYAyABKAxCA+BBAiKiBQoIS2V5VXNhZ2US",
-            "VAoOYmFzZV9rZXlfdXNhZ2UYASABKAsyPC5nb29nbGUuY2xvdWQuc2VjdXJp",
-            "dHkucHJpdmF0ZWNhLnYxLktleVVzYWdlLktleVVzYWdlT3B0aW9ucxJgChJl",
-            "eHRlbmRlZF9rZXlfdXNhZ2UYAiABKAsyRC5nb29nbGUuY2xvdWQuc2VjdXJp",
-            "dHkucHJpdmF0ZWNhLnYxLktleVVzYWdlLkV4dGVuZGVkS2V5VXNhZ2VPcHRp",
-            "b25zElEKG3Vua25vd25fZXh0ZW5kZWRfa2V5X3VzYWdlcxgDIAMoCzIsLmdv",
-            "b2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuT2JqZWN0SWQa5wEK",
-            "D0tleVVzYWdlT3B0aW9ucxIZChFkaWdpdGFsX3NpZ25hdHVyZRgBIAEoCBIa",
-            "ChJjb250ZW50X2NvbW1pdG1lbnQYAiABKAgSGAoQa2V5X2VuY2lwaGVybWVu",
-            "dBgDIAEoCBIZChFkYXRhX2VuY2lwaGVybWVudBgEIAEoCBIVCg1rZXlfYWdy",
-            "ZWVtZW50GAUgASgIEhEKCWNlcnRfc2lnbhgGIAEoCBIQCghjcmxfc2lnbhgH",
-            "IAEoCBIVCg1lbmNpcGhlcl9vbmx5GAggASgIEhUKDWRlY2lwaGVyX29ubHkY",
-            "CSABKAgaoAEKF0V4dGVuZGVkS2V5VXNhZ2VPcHRpb25zEhMKC3NlcnZlcl9h",
-            "dXRoGAEgASgIEhMKC2NsaWVudF9hdXRoGAIgASgIEhQKDGNvZGVfc2lnbmlu",
-            "ZxgDIAEoCBIYChBlbWFpbF9wcm90ZWN0aW9uGAQgASgIEhUKDXRpbWVfc3Rh",
-            "bXBpbmcYBSABKAgSFAoMb2NzcF9zaWduaW5nGAYgASgIIrgBCgdTdWJqZWN0",
-            "EhMKC2NvbW1vbl9uYW1lGAEgASgJEhQKDGNvdW50cnlfY29kZRgCIAEoCRIU",
-            "Cgxvcmdhbml6YXRpb24YAyABKAkSGwoTb3JnYW5pemF0aW9uYWxfdW5pdBgE",
-            "IAEoCRIQCghsb2NhbGl0eRgFIAEoCRIQCghwcm92aW5jZRgGIAEoCRIWCg5z",
-            "dHJlZXRfYWRkcmVzcxgHIAEoCRITCgtwb3N0YWxfY29kZRgIIAEoCSKpAQoP",
-            "U3ViamVjdEFsdE5hbWVzEhEKCWRuc19uYW1lcxgBIAMoCRIMCgR1cmlzGAIg",
-            "AygJEhcKD2VtYWlsX2FkZHJlc3NlcxgDIAMoCRIUCgxpcF9hZGRyZXNzZXMY",
-            "BCADKAkSRgoLY3VzdG9tX3NhbnMYBSADKAsyMS5nb29nbGUuY2xvdWQuc2Vj",
-            "dXJpdHkucHJpdmF0ZWNhLnYxLlg1MDlFeHRlbnNpb24i+gEKHkNlcnRpZmlj",
-            "YXRlSWRlbnRpdHlDb25zdHJhaW50cxIuCg5jZWxfZXhwcmVzc2lvbhgBIAEo",
-            "CzIRLmdvb2dsZS50eXBlLkV4cHJCA+BBARIrChlhbGxvd19zdWJqZWN0X3Bh",
-            "c3N0aHJvdWdoGAIgASgIQgPgQQJIAIgBARI1CiNhbGxvd19zdWJqZWN0X2Fs",
-            "dF9uYW1lc19wYXNzdGhyb3VnaBgDIAEoCEID4EECSAGIAQFCHAoaX2FsbG93",
-            "X3N1YmplY3RfcGFzc3Rocm91Z2hCJgokX2FsbG93X3N1YmplY3RfYWx0X25h",
-            "bWVzX3Bhc3N0aHJvdWdoIp4DCh9DZXJ0aWZpY2F0ZUV4dGVuc2lvbkNvbnN0",
-            "cmFpbnRzEnwKEGtub3duX2V4dGVuc2lvbnMYASADKA4yXS5nb29nbGUuY2xv",
-            "dWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLkNlcnRpZmljYXRlRXh0ZW5zaW9u",
-            "Q29uc3RyYWludHMuS25vd25DZXJ0aWZpY2F0ZUV4dGVuc2lvbkID4EEBElAK",
-            "FWFkZGl0aW9uYWxfZXh0ZW5zaW9ucxgCIAMoCzIsLmdvb2dsZS5jbG91ZC5z",
-            "ZWN1cml0eS5wcml2YXRlY2EudjEuT2JqZWN0SWRCA+BBASKqAQoZS25vd25D",
-            "ZXJ0aWZpY2F0ZUV4dGVuc2lvbhIrCidLTk9XTl9DRVJUSUZJQ0FURV9FWFRF",
-            "TlNJT05fVU5TUEVDSUZJRUQQABISCg5CQVNFX0tFWV9VU0FHRRABEhYKEkVY",
-            "VEVOREVEX0tFWV9VU0FHRRACEg4KCkNBX09QVElPTlMQAxIOCgpQT0xJQ1lf",
-            "SURTEAQSFAoQQUlBX09DU1BfU0VSVkVSUxAFKocCChBSZXZvY2F0aW9uUmVh",
-            "c29uEiEKHVJFVk9DQVRJT05fUkVBU09OX1VOU1BFQ0lGSUVEEAASEgoOS0VZ",
-            "X0NPTVBST01JU0UQARIkCiBDRVJUSUZJQ0FURV9BVVRIT1JJVFlfQ09NUFJP",
-            "TUlTRRACEhcKE0FGRklMSUFUSU9OX0NIQU5HRUQQAxIOCgpTVVBFUlNFREVE",
-            "EAQSGgoWQ0VTU0FUSU9OX09GX09QRVJBVElPThAFEhQKEENFUlRJRklDQVRF",
-            "X0hPTEQQBhIXChNQUklWSUxFR0VfV0lUSERSQVdOEAcSIgoeQVRUUklCVVRF",
-            "X0FVVEhPUklUWV9DT01QUk9NSVNFEAgqXQoSU3ViamVjdFJlcXVlc3RNb2Rl",
-            "EiQKIFNVQkpFQ1RfUkVRVUVTVF9NT0RFX1VOU1BFQ0lGSUVEEAASCwoHREVG",
-            "QVVMVBABEhQKEFJFRkxFQ1RFRF9TUElGRkUQAkL/AQomY29tLmdvb2dsZS5j",
-            "bG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjFCF1ByaXZhdGVDYVJlc291cmNl",
-            "c1Byb3RvUAFaRGNsb3VkLmdvb2dsZS5jb20vZ28vc2VjdXJpdHkvcHJpdmF0",
-            "ZWNhL2FwaXYxL3ByaXZhdGVjYXBiO3ByaXZhdGVjYXBi+AEBqgIiR29vZ2xl",
-            "LkNsb3VkLlNlY3VyaXR5LlByaXZhdGVDQS5WMcoCIkdvb2dsZVxDbG91ZFxT",
-            "ZWN1cml0eVxQcml2YXRlQ0FcVjHqAiZHb29nbGU6OkNsb3VkOjpTZWN1cml0",
-            "eTo6UHJpdmF0ZUNBOjpWMWIGcHJvdG8z"));
+            "QgPgQQESHQoQYWlhX29jc3Bfc2VydmVycxgEIAMoCUID4EEBEmEKEG5hbWVf",
+            "Y29uc3RyYWludHMYBiABKAsyQi5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJp",
+            "dmF0ZWNhLnYxLlg1MDlQYXJhbWV0ZXJzLk5hbWVDb25zdHJhaW50c0ID4EEB",
+            "ElUKFWFkZGl0aW9uYWxfZXh0ZW5zaW9ucxgFIAMoCzIxLmdvb2dsZS5jbG91",
+            "ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuWDUwOUV4dGVuc2lvbkID4EEBGnMK",
+            "CUNhT3B0aW9ucxIXCgVpc19jYRgBIAEoCEID4EEBSACIAQESKAoWbWF4X2lz",
+            "c3Vlcl9wYXRoX2xlbmd0aBgCIAEoBUID4EEBSAGIAQFCCAoGX2lzX2NhQhkK",
+            "F19tYXhfaXNzdWVyX3BhdGhfbGVuZ3RoGokCCg9OYW1lQ29uc3RyYWludHMS",
+            "EAoIY3JpdGljYWwYASABKAgSGwoTcGVybWl0dGVkX2Ruc19uYW1lcxgCIAMo",
+            "CRIaChJleGNsdWRlZF9kbnNfbmFtZXMYAyADKAkSGwoTcGVybWl0dGVkX2lw",
+            "X3JhbmdlcxgEIAMoCRIaChJleGNsdWRlZF9pcF9yYW5nZXMYBSADKAkSIQoZ",
+            "cGVybWl0dGVkX2VtYWlsX2FkZHJlc3NlcxgGIAMoCRIgChhleGNsdWRlZF9l",
+            "bWFpbF9hZGRyZXNzZXMYByADKAkSFgoOcGVybWl0dGVkX3VyaXMYCCADKAkS",
+            "FQoNZXhjbHVkZWRfdXJpcxgJIAMoCSKpAgoRU3Vib3JkaW5hdGVDb25maWcS",
+            "VgoVY2VydGlmaWNhdGVfYXV0aG9yaXR5GAEgASgJQjXgQQL6QS8KLXByaXZh",
+            "dGVjYS5nb29nbGVhcGlzLmNvbS9DZXJ0aWZpY2F0ZUF1dGhvcml0eUgAEm0K",
+            "EHBlbV9pc3N1ZXJfY2hhaW4YAiABKAsyTC5nb29nbGUuY2xvdWQuc2VjdXJp",
+            "dHkucHJpdmF0ZWNhLnYxLlN1Ym9yZGluYXRlQ29uZmlnLlN1Ym9yZGluYXRl",
+            "Q29uZmlnQ2hhaW5CA+BBAkgAGjcKFlN1Ym9yZGluYXRlQ29uZmlnQ2hhaW4S",
+            "HQoQcGVtX2NlcnRpZmljYXRlcxgBIAMoCUID4EECQhQKEnN1Ym9yZGluYXRl",
+            "X2NvbmZpZyKdAQoJUHVibGljS2V5EhAKA2tleRgBIAEoDEID4EECEkwKBmZv",
+            "cm1hdBgCIAEoDjI3Lmdvb2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2Eu",
+            "djEuUHVibGljS2V5LktleUZvcm1hdEID4EECIjAKCUtleUZvcm1hdBIaChZL",
+            "RVlfRk9STUFUX1VOU1BFQ0lGSUVEEAASBwoDUEVNEAEitAMKEUNlcnRpZmlj",
+            "YXRlQ29uZmlnEmAKDnN1YmplY3RfY29uZmlnGAEgASgLMkMuZ29vZ2xlLmNs",
+            "b3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5DZXJ0aWZpY2F0ZUNvbmZpZy5T",
+            "dWJqZWN0Q29uZmlnQgPgQQISTAoLeDUwOV9jb25maWcYAiABKAsyMi5nb29n",
+            "bGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLlg1MDlQYXJhbWV0ZXJz",
+            "QgPgQQISRgoKcHVibGljX2tleRgDIAEoCzItLmdvb2dsZS5jbG91ZC5zZWN1",
+            "cml0eS5wcml2YXRlY2EudjEuUHVibGljS2V5QgPgQQEapgEKDVN1YmplY3RD",
+            "b25maWcSQQoHc3ViamVjdBgBIAEoCzIrLmdvb2dsZS5jbG91ZC5zZWN1cml0",
+            "eS5wcml2YXRlY2EudjEuU3ViamVjdEID4EECElIKEHN1YmplY3RfYWx0X25h",
+            "bWUYAiABKAsyMy5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYx",
+            "LlN1YmplY3RBbHROYW1lc0ID4EEBIqEIChZDZXJ0aWZpY2F0ZURlc2NyaXB0",
+            "aW9uEmoKE3N1YmplY3RfZGVzY3JpcHRpb24YASABKAsyTS5nb29nbGUuY2xv",
+            "dWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLkNlcnRpZmljYXRlRGVzY3JpcHRp",
+            "b24uU3ViamVjdERlc2NyaXB0aW9uEkwKEHg1MDlfZGVzY3JpcHRpb24YAiAB",
+            "KAsyMi5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLlg1MDlQ",
+            "YXJhbWV0ZXJzEkEKCnB1YmxpY19rZXkYAyABKAsyLS5nb29nbGUuY2xvdWQu",
+            "c2VjdXJpdHkucHJpdmF0ZWNhLnYxLlB1YmxpY0tleRJYCg5zdWJqZWN0X2tl",
+            "eV9pZBgEIAEoCzJALmdvb2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2Eu",
+            "djEuQ2VydGlmaWNhdGVEZXNjcmlwdGlvbi5LZXlJZBJaChBhdXRob3JpdHlf",
+            "a2V5X2lkGAUgASgLMkAuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnByaXZhdGVj",
+            "YS52MS5DZXJ0aWZpY2F0ZURlc2NyaXB0aW9uLktleUlkEh8KF2NybF9kaXN0",
+            "cmlidXRpb25fcG9pbnRzGAYgAygJEiQKHGFpYV9pc3N1aW5nX2NlcnRpZmlj",
+            "YXRlX3VybHMYByADKAkSawoQY2VydF9maW5nZXJwcmludBgIIAEoCzJRLmdv",
+            "b2dsZS5jbG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuQ2VydGlmaWNhdGVE",
+            "ZXNjcmlwdGlvbi5DZXJ0aWZpY2F0ZUZpbmdlcnByaW50GtICChJTdWJqZWN0",
+            "RGVzY3JpcHRpb24SPAoHc3ViamVjdBgBIAEoCzIrLmdvb2dsZS5jbG91ZC5z",
+            "ZWN1cml0eS5wcml2YXRlY2EudjEuU3ViamVjdBJNChBzdWJqZWN0X2FsdF9u",
+            "YW1lGAIgASgLMjMuZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnByaXZhdGVjYS52",
+            "MS5TdWJqZWN0QWx0TmFtZXMSGQoRaGV4X3NlcmlhbF9udW1iZXIYAyABKAkS",
+            "KwoIbGlmZXRpbWUYBCABKAsyGS5nb29nbGUucHJvdG9idWYuRHVyYXRpb24S",
+            "MwoPbm90X2JlZm9yZV90aW1lGAUgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRp",
+            "bWVzdGFtcBIyCg5ub3RfYWZ0ZXJfdGltZRgGIAEoCzIaLmdvb2dsZS5wcm90",
+            "b2J1Zi5UaW1lc3RhbXAaHAoFS2V5SWQSEwoGa2V5X2lkGAEgASgJQgPgQQEa",
+            "LQoWQ2VydGlmaWNhdGVGaW5nZXJwcmludBITCgtzaGEyNTZfaGFzaBgBIAEo",
+            "CSInCghPYmplY3RJZBIbCg5vYmplY3RfaWRfcGF0aBgBIAMoBUID4EECIoAB",
+            "Cg1YNTA5RXh0ZW5zaW9uEkQKCW9iamVjdF9pZBgBIAEoCzIsLmdvb2dsZS5j",
+            "bG91ZC5zZWN1cml0eS5wcml2YXRlY2EudjEuT2JqZWN0SWRCA+BBAhIVCghj",
+            "cml0aWNhbBgCIAEoCEID4EEBEhIKBXZhbHVlGAMgASgMQgPgQQIiogUKCEtl",
+            "eVVzYWdlElQKDmJhc2Vfa2V5X3VzYWdlGAEgASgLMjwuZ29vZ2xlLmNsb3Vk",
+            "LnNlY3VyaXR5LnByaXZhdGVjYS52MS5LZXlVc2FnZS5LZXlVc2FnZU9wdGlv",
+            "bnMSYAoSZXh0ZW5kZWRfa2V5X3VzYWdlGAIgASgLMkQuZ29vZ2xlLmNsb3Vk",
+            "LnNlY3VyaXR5LnByaXZhdGVjYS52MS5LZXlVc2FnZS5FeHRlbmRlZEtleVVz",
+            "YWdlT3B0aW9ucxJRCht1bmtub3duX2V4dGVuZGVkX2tleV91c2FnZXMYAyAD",
+            "KAsyLC5nb29nbGUuY2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLk9iamVj",
+            "dElkGucBCg9LZXlVc2FnZU9wdGlvbnMSGQoRZGlnaXRhbF9zaWduYXR1cmUY",
+            "ASABKAgSGgoSY29udGVudF9jb21taXRtZW50GAIgASgIEhgKEGtleV9lbmNp",
+            "cGhlcm1lbnQYAyABKAgSGQoRZGF0YV9lbmNpcGhlcm1lbnQYBCABKAgSFQoN",
+            "a2V5X2FncmVlbWVudBgFIAEoCBIRCgljZXJ0X3NpZ24YBiABKAgSEAoIY3Js",
+            "X3NpZ24YByABKAgSFQoNZW5jaXBoZXJfb25seRgIIAEoCBIVCg1kZWNpcGhl",
+            "cl9vbmx5GAkgASgIGqABChdFeHRlbmRlZEtleVVzYWdlT3B0aW9ucxITCgtz",
+            "ZXJ2ZXJfYXV0aBgBIAEoCBITCgtjbGllbnRfYXV0aBgCIAEoCBIUCgxjb2Rl",
+            "X3NpZ25pbmcYAyABKAgSGAoQZW1haWxfcHJvdGVjdGlvbhgEIAEoCBIVCg10",
+            "aW1lX3N0YW1waW5nGAUgASgIEhQKDG9jc3Bfc2lnbmluZxgGIAEoCCK4AQoH",
+            "U3ViamVjdBITCgtjb21tb25fbmFtZRgBIAEoCRIUCgxjb3VudHJ5X2NvZGUY",
+            "AiABKAkSFAoMb3JnYW5pemF0aW9uGAMgASgJEhsKE29yZ2FuaXphdGlvbmFs",
+            "X3VuaXQYBCABKAkSEAoIbG9jYWxpdHkYBSABKAkSEAoIcHJvdmluY2UYBiAB",
+            "KAkSFgoOc3RyZWV0X2FkZHJlc3MYByABKAkSEwoLcG9zdGFsX2NvZGUYCCAB",
+            "KAkiqQEKD1N1YmplY3RBbHROYW1lcxIRCglkbnNfbmFtZXMYASADKAkSDAoE",
+            "dXJpcxgCIAMoCRIXCg9lbWFpbF9hZGRyZXNzZXMYAyADKAkSFAoMaXBfYWRk",
+            "cmVzc2VzGAQgAygJEkYKC2N1c3RvbV9zYW5zGAUgAygLMjEuZ29vZ2xlLmNs",
+            "b3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5YNTA5RXh0ZW5zaW9uIvoBCh5D",
+            "ZXJ0aWZpY2F0ZUlkZW50aXR5Q29uc3RyYWludHMSLgoOY2VsX2V4cHJlc3Np",
+            "b24YASABKAsyES5nb29nbGUudHlwZS5FeHByQgPgQQESKwoZYWxsb3dfc3Vi",
+            "amVjdF9wYXNzdGhyb3VnaBgCIAEoCEID4EECSACIAQESNQojYWxsb3dfc3Vi",
+            "amVjdF9hbHRfbmFtZXNfcGFzc3Rocm91Z2gYAyABKAhCA+BBAkgBiAEBQhwK",
+            "Gl9hbGxvd19zdWJqZWN0X3Bhc3N0aHJvdWdoQiYKJF9hbGxvd19zdWJqZWN0",
+            "X2FsdF9uYW1lc19wYXNzdGhyb3VnaCK0AwofQ2VydGlmaWNhdGVFeHRlbnNp",
+            "b25Db25zdHJhaW50cxJ8ChBrbm93bl9leHRlbnNpb25zGAEgAygOMl0uZ29v",
+            "Z2xlLmNsb3VkLnNlY3VyaXR5LnByaXZhdGVjYS52MS5DZXJ0aWZpY2F0ZUV4",
+            "dGVuc2lvbkNvbnN0cmFpbnRzLktub3duQ2VydGlmaWNhdGVFeHRlbnNpb25C",
+            "A+BBARJQChVhZGRpdGlvbmFsX2V4dGVuc2lvbnMYAiADKAsyLC5nb29nbGUu",
+            "Y2xvdWQuc2VjdXJpdHkucHJpdmF0ZWNhLnYxLk9iamVjdElkQgPgQQEiwAEK",
+            "GUtub3duQ2VydGlmaWNhdGVFeHRlbnNpb24SKwonS05PV05fQ0VSVElGSUNB",
+            "VEVfRVhURU5TSU9OX1VOU1BFQ0lGSUVEEAASEgoOQkFTRV9LRVlfVVNBR0UQ",
+            "ARIWChJFWFRFTkRFRF9LRVlfVVNBR0UQAhIOCgpDQV9PUFRJT05TEAMSDgoK",
+            "UE9MSUNZX0lEUxAEEhQKEEFJQV9PQ1NQX1NFUlZFUlMQBRIUChBOQU1FX0NP",
+            "TlNUUkFJTlRTEAYqhwIKEFJldm9jYXRpb25SZWFzb24SIQodUkVWT0NBVElP",
+            "Tl9SRUFTT05fVU5TUEVDSUZJRUQQABISCg5LRVlfQ09NUFJPTUlTRRABEiQK",
+            "IENFUlRJRklDQVRFX0FVVEhPUklUWV9DT01QUk9NSVNFEAISFwoTQUZGSUxJ",
+            "QVRJT05fQ0hBTkdFRBADEg4KClNVUEVSU0VERUQQBBIaChZDRVNTQVRJT05f",
+            "T0ZfT1BFUkFUSU9OEAUSFAoQQ0VSVElGSUNBVEVfSE9MRBAGEhcKE1BSSVZJ",
+            "TEVHRV9XSVRIRFJBV04QBxIiCh5BVFRSSUJVVEVfQVVUSE9SSVRZX0NPTVBS",
+            "T01JU0UQCCpdChJTdWJqZWN0UmVxdWVzdE1vZGUSJAogU1VCSkVDVF9SRVFV",
+            "RVNUX01PREVfVU5TUEVDSUZJRUQQABILCgdERUZBVUxUEAESFAoQUkVGTEVD",
+            "VEVEX1NQSUZGRRACQv8BCiZjb20uZ29vZ2xlLmNsb3VkLnNlY3VyaXR5LnBy",
+            "aXZhdGVjYS52MUIXUHJpdmF0ZUNhUmVzb3VyY2VzUHJvdG9QAVpEY2xvdWQu",
+            "Z29vZ2xlLmNvbS9nby9zZWN1cml0eS9wcml2YXRlY2EvYXBpdjEvcHJpdmF0",
+            "ZWNhcGI7cHJpdmF0ZWNhcGL4AQGqAiJHb29nbGUuQ2xvdWQuU2VjdXJpdHku",
+            "UHJpdmF0ZUNBLlYxygIiR29vZ2xlXENsb3VkXFNlY3VyaXR5XFByaXZhdGVD",
+            "QVxWMeoCJkdvb2dsZTo6Q2xvdWQ6OlNlY3VyaXR5OjpQcml2YXRlQ0E6OlYx",
+            "YgZwcm90bzM="));
       descriptor = pbr::FileDescriptor.FromGeneratedCode(descriptorData,
           new pbr::FileDescriptor[] { global::Google.Api.FieldBehaviorReflection.Descriptor, global::Google.Api.ResourceReflection.Descriptor, global::Google.Protobuf.WellKnownTypes.DurationReflection.Descriptor, global::Google.Protobuf.WellKnownTypes.TimestampReflection.Descriptor, global::Google.Type.ExprReflection.Descriptor, },
           new pbr::GeneratedClrTypeInfo(new[] {typeof(global::Google.Cloud.Security.PrivateCA.V1.RevocationReason), typeof(global::Google.Cloud.Security.PrivateCA.V1.SubjectRequestMode), }, null, new pbr::GeneratedClrTypeInfo[] {
@@ -314,7 +323,8 @@ public static partial class ResourcesReflection {
             new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.Certificate), global::Google.Cloud.Security.PrivateCA.V1.Certificate.Parser, new[]{ "Name", "PemCsr", "Config", "IssuerCertificateAuthority", "Lifetime", "CertificateTemplate", "SubjectMode", "RevocationDetails", "PemCertificate", "CertificateDescription", "PemCertificateChain", "CreateTime", "UpdateTime", "Labels" }, new[]{ "CertificateConfig" }, null, null, new pbr::GeneratedClrTypeInfo[] { new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.Certificate.Types.RevocationDetails), global::Google.Cloud.Security.PrivateCA.V1.Certificate.Types.RevocationDetails.Parser, new[]{ "RevocationState", "RevocationTime" }, null, null, null, null),
             null, }),
             new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate), global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate.Parser, new[]{ "Name", "PredefinedValues", "IdentityConstraints", "PassthroughExtensions", "Description", "CreateTime", "UpdateTime", "Labels" }, null, null, null, new pbr::GeneratedClrTypeInfo[] { null, }),
-            new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.X509Parameters), global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Parser, new[]{ "KeyUsage", "CaOptions", "PolicyIds", "AiaOcspServers", "AdditionalExtensions" }, null, null, null, new pbr::GeneratedClrTypeInfo[] { new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.CaOptions), global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.CaOptions.Parser, new[]{ "IsCa", "MaxIssuerPathLength" }, new[]{ "IsCa", "MaxIssuerPathLength" }, null, null, null)}),
+            new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.X509Parameters), global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Parser, new[]{ "KeyUsage", "CaOptions", "PolicyIds", "AiaOcspServers", "NameConstraints", "AdditionalExtensions" }, null, null, null, new pbr::GeneratedClrTypeInfo[] { new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.CaOptions), global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.CaOptions.Parser, new[]{ "IsCa", "MaxIssuerPathLength" }, new[]{ "IsCa", "MaxIssuerPathLength" }, null, null, null),
+            new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints), global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints.Parser, new[]{ "Critical", "PermittedDnsNames", "ExcludedDnsNames", "PermittedIpRanges", "ExcludedIpRanges", "PermittedEmailAddresses", "ExcludedEmailAddresses", "PermittedUris", "ExcludedUris" }, null, null, null, null)}),
             new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig), global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig.Parser, new[]{ "CertificateAuthority", "PemIssuerChain" }, new[]{ "SubordinateConfig" }, null, null, new pbr::GeneratedClrTypeInfo[] { new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig.Types.SubordinateConfigChain), global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig.Types.SubordinateConfigChain.Parser, new[]{ "PemCertificates" }, null, null, null, null)}),
             new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.PublicKey), global::Google.Cloud.Security.PrivateCA.V1.PublicKey.Parser, new[]{ "Key", "Format" }, null, new[]{ typeof(global::Google.Cloud.Security.PrivateCA.V1.PublicKey.Types.KeyFormat) }, null, null),
             new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig), global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig.Parser, new[]{ "SubjectConfig", "X509Config", "PublicKey" }, null, null, null, new pbr::GeneratedClrTypeInfo[] { new pbr::GeneratedClrTypeInfo(typeof(global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig.Types.SubjectConfig), global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig.Types.SubjectConfig.Parser, new[]{ "Subject", "SubjectAltName" }, null, null, null, null)}),
@@ -336,20 +346,25 @@ public static partial class ResourcesReflection {
   }
   #region Enums
   /// <summary>
-  /// A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1.Certificate] has been revoked,
-  /// and the reason for revocation. These correspond to standard revocation
-  /// reasons from RFC 5280. Note that the enum labels and values in this
-  /// definition are not the same ASN.1 values defined in RFC 5280. These values
-  /// will be translated to the correct ASN.1 values when a CRL is created.
+  /// A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason]
+  /// indicates whether a
+  /// [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+  /// revoked, and the reason for revocation. These correspond to standard
+  /// revocation reasons from RFC 5280. Note that the enum labels and values in
+  /// this definition are not the same ASN.1 values defined in RFC 5280. These
+  /// values will be translated to the correct ASN.1 values when a CRL is created.
   /// </summary>
   public enum RevocationReason {
     /// <summary>
-    /// Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
-    /// has been revoked, but that a reason has not been recorded.
+    /// Default unspecified value. This value does indicate that a
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+    /// revoked, but that a reason has not been recorded.
     /// </summary>
     [pbr::OriginalName("REVOCATION_REASON_UNSPECIFIED")] Unspecified = 0,
     /// <summary>
-    /// Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
+    /// Key material for this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] may have
+    /// leaked.
     /// </summary>
     [pbr::OriginalName("KEY_COMPROMISE")] KeyCompromise = 1,
     /// <summary>
@@ -358,38 +373,45 @@ public enum RevocationReason {
     /// </summary>
     [pbr::OriginalName("CERTIFICATE_AUTHORITY_COMPROMISE")] CertificateAuthorityCompromise = 2,
     /// <summary>
-    /// The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
+    /// The subject or other attributes in this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
     /// </summary>
     [pbr::OriginalName("AFFILIATION_CHANGED")] AffiliationChanged = 3,
     /// <summary>
-    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
+    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] has been
+    /// superseded.
     /// </summary>
     [pbr::OriginalName("SUPERSEDED")] Superseded = 4,
     /// <summary>
-    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
-    /// operate.
+    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] or
+    /// entities in the issuing path have ceased to operate.
     /// </summary>
     [pbr::OriginalName("CESSATION_OF_OPERATION")] CessationOfOperation = 5,
     /// <summary>
-    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
-    /// may become valid in the future.
+    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] should
+    /// not be considered valid, it is expected that it may become valid in the
+    /// future.
     /// </summary>
     [pbr::OriginalName("CERTIFICATE_HOLD")] CertificateHold = 6,
     /// <summary>
-    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
-    /// attributes.
+    /// This [Certificate][google.cloud.security.privateca.v1.Certificate] no
+    /// longer has permission to assert the listed attributes.
     /// </summary>
     [pbr::OriginalName("PRIVILEGE_WITHDRAWN")] PrivilegeWithdrawn = 7,
     /// <summary>
-    /// The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
-    /// may have been compromised.
+    /// The authority which determines appropriate attributes for a
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] may have been
+    /// compromised.
     /// </summary>
     [pbr::OriginalName("ATTRIBUTE_AUTHORITY_COMPROMISE")] AttributeAuthorityCompromise = 8,
   }
 
   /// <summary>
-  /// Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or
-  /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
+  /// Describes the way in which a
+  /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s
+  /// [Subject][google.cloud.security.privateca.v1.Subject] and/or
+  /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be
+  /// resolved.
   /// </summary>
   public enum SubjectRequestMode {
     /// <summary>
@@ -398,17 +420,21 @@ public enum SubjectRequestMode {
     [pbr::OriginalName("SUBJECT_REQUEST_MODE_UNSPECIFIED")] Unspecified = 0,
     /// <summary>
     /// The default mode used in most cases. Indicates that the certificate's
-    /// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
-    /// request. This mode requires the caller to have the
-    /// `privateca.certificates.create` permission.
+    /// [Subject][google.cloud.security.privateca.v1.Subject] and/or
+    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are
+    /// specified in the certificate request. This mode requires the caller to have
+    /// the `privateca.certificates.create` permission.
     /// </summary>
     [pbr::OriginalName("DEFAULT")] Default = 1,
     /// <summary>
     /// A mode reserved for special cases. Indicates that the certificate should
-    /// have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
-    /// on the caller's identity. This mode will ignore any explicitly specified
-    /// [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
-    /// This mode requires the caller to have the
+    /// have one or more SPIFFE
+    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set
+    /// by the service based on the caller's identity. This mode will ignore any
+    /// explicitly specified [Subject][google.cloud.security.privateca.v1.Subject]
+    /// and/or
+    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in
+    /// the certificate request. This mode requires the caller to have the
     /// `privateca.certificates.createForSelf` permission.
     /// </summary>
     [pbr::OriginalName("REFLECTED_SPIFFE")] ReflectedSpiffe = 2,
@@ -418,8 +444,12 @@ public enum SubjectRequestMode {
 
   #region Messages
   /// <summary>
-  /// A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority.
-  /// A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
+  /// A
+  /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  /// represents an individual Certificate Authority. A
+  /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  /// can be used to create
+  /// [Certificates][google.cloud.security.privateca.v1.Certificate].
   /// </summary>
   public sealed partial class CertificateAuthority : pb::IMessage<CertificateAuthority>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -485,8 +515,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Output only. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -501,7 +532,10 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int TypeFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.Type type_ = global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.Type.Unspecified;
     /// <summary>
-    /// Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+    /// Required. Immutable. The
+    /// [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of
+    /// this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -516,7 +550,8 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int ConfigFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig config_;
     /// <summary>
-    /// Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+    /// Required. Immutable. The config used to create a self-signed X.509
+    /// certificate or CSR.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -531,8 +566,8 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int LifetimeFieldNumber = 4;
     private global::Google.Protobuf.WellKnownTypes.Duration lifetime_;
     /// <summary>
-    /// Required. Immutable. The desired lifetime of the CA certificate. Used to create the
-    /// "not_before_time" and "not_after_time" fields inside an X.509
+    /// Required. Immutable. The desired lifetime of the CA certificate. Used to
+    /// create the "not_before_time" and "not_after_time" fields inside an X.509
     /// certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -548,10 +583,12 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int KeySpecFieldNumber = 5;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.KeyVersionSpec keySpec_;
     /// <summary>
-    /// Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
-    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
-    /// is also used to sign the self-signed CA certificate. Otherwise, it
-    /// is used to sign a CSR.
+    /// Required. Immutable. Used when issuing certificates for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+    /// If this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// is a self-signed CertificateAuthority, this key is also used to sign the
+    /// self-signed CA certificate. Otherwise, it is used to sign a CSR.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -566,9 +603,12 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int SubordinateConfigFieldNumber = 6;
     private global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig subordinateConfig_;
     /// <summary>
-    /// Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
-    /// with the subordinate configuration, which describes its issuers. This may
-    /// be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+    /// Optional. If this is a subordinate
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+    /// this field will be set with the subordinate configuration, which describes
+    /// its issuers. This may be updated, but this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// must continue to validate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -583,7 +623,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int TierFieldNumber = 7;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.Tier tier_ = global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.Tier.Unspecified;
     /// <summary>
-    /// Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+    /// Output only. The
+    /// [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
     /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -599,7 +641,10 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int StateFieldNumber = 8;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.State state_ = global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.State.Unspecified;
     /// <summary>
-    /// Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+    /// Output only. The
+    /// [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for
+    /// this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -616,10 +661,15 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
         = pb::FieldCodec.ForString(74);
     private readonly pbc::RepeatedField<string> pemCaCertificates_ = new pbc::RepeatedField<string>();
     /// <summary>
-    /// Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
-    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
-    /// is the final element (consistent with RFC 5246). For a self-signed CA, this
-    /// will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+    /// Output only. This
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+    /// certificate chain, including the current
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+    /// certificate. Ordered such that the root issuer is the final element
+    /// (consistent with RFC 5246). For a self-signed CA, this will only list the
+    /// current
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+    /// certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -633,8 +683,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
         = pb::FieldCodec.ForMessage(82, global::Google.Cloud.Security.PrivateCA.V1.CertificateDescription.Parser);
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateDescription> caCertificateDescriptions_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateDescription>();
     /// <summary>
-    /// Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
-    /// and its issuers. Ordered as self-to-root.
+    /// Output only. A structured description of this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+    /// CA certificate and its issuers. Ordered as self-to-root.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -646,9 +697,10 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int GcsBucketFieldNumber = 11;
     private string gcsBucket_ = "";
     /// <summary>
-    /// Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
-    /// publish content, such as the CA certificate and CRLs. This must be a bucket
-    /// name, without any prefixes (such as `gs://`) or suffixes (such as
+    /// Immutable. The name of a Cloud Storage bucket where this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// will publish content, such as the CA certificate and CRLs. This must be a
+    /// bucket name, without any prefixes (such as `gs://`) or suffixes (such as
     /// `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
     /// would simply specify `my-bucket`. If not specified, a managed bucket will
     /// be created.
@@ -666,8 +718,8 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int AccessUrlsFieldNumber = 12;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Types.AccessUrls accessUrls_;
     /// <summary>
-    /// Output only. URLs for accessing content published by this CA, such as the CA certificate
-    /// and CRLs.
+    /// Output only. URLs for accessing content published by this CA, such as the
+    /// CA certificate and CRLs.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -682,7 +734,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int CreateTimeFieldNumber = 13;
     private global::Google.Protobuf.WellKnownTypes.Timestamp createTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+    /// Output only. The time at which this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// was created.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -697,7 +751,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int UpdateTimeFieldNumber = 14;
     private global::Google.Protobuf.WellKnownTypes.Timestamp updateTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+    /// Output only. The time at which this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// was last updated.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -712,8 +768,11 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int DeleteTimeFieldNumber = 15;
     private global::Google.Protobuf.WellKnownTypes.Timestamp deleteTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
-    /// it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+    /// Output only. The time at which this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// was soft deleted, if it is in the
+    /// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+    /// state.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -728,8 +787,11 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     public const int ExpireTimeFieldNumber = 16;
     private global::Google.Protobuf.WellKnownTypes.Timestamp expireTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
-    /// if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+    /// Output only. The time at which this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// will be permanently purged, if it is in the
+    /// [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED]
+    /// state.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1326,7 +1388,9 @@ public sealed partial class CertificateAuthority : pb::IMessage<CertificateAutho
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.
+      /// The type of a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+      /// indicating its issuing chain.
       /// </summary>
       public enum Type {
         /// <summary>
@@ -1338,14 +1402,17 @@ public enum Type {
         /// </summary>
         [pbr::OriginalName("SELF_SIGNED")] SelfSigned = 1,
         /// <summary>
-        /// Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// Subordinate CA. Could be issued by a Private CA
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
         /// or an unmanaged CA.
         /// </summary>
         [pbr::OriginalName("SUBORDINATE")] Subordinate = 2,
       }
 
       /// <summary>
-      /// The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.
+      /// The state of a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+      /// indicating if it can be used.
       /// </summary>
       public enum State {
         /// <summary>
@@ -1354,35 +1421,46 @@ public enum State {
         [pbr::OriginalName("STATE_UNSPECIFIED")] Unspecified = 0,
         /// <summary>
         /// Certificates can be issued from this CA. CRLs will be generated for this
-        /// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
-        /// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// CA. The CA will be part of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+        /// will be used to issue certificates from the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         [pbr::OriginalName("ENABLED")] Enabled = 1,
         /// <summary>
         /// Certificates cannot be issued from this CA. CRLs will still be generated.
-        /// The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
-        /// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// The CA will be part of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
+        /// will not be used to issue certificates from the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         [pbr::OriginalName("DISABLED")] Disabled = 2,
         /// <summary>
         /// Certificates can be issued from this CA. CRLs will be generated for this
-        /// CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
-        /// be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// CA. The CA will be part of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but
+        /// will not be used to issue certificates from the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         [pbr::OriginalName("STAGED")] Staged = 3,
         /// <summary>
         /// Certificates cannot be issued from this CA. CRLs will not be generated.
-        /// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
-        /// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// The CA will not be part of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+        /// will not be used to issue certificates from the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         [pbr::OriginalName("AWAITING_USER_ACTIVATION")] AwaitingUserActivation = 4,
         /// <summary>
         /// Certificates cannot be issued from this CA. CRLs will not be generated.
         /// The CA may still be recovered by calling
-        /// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
+        /// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority]
+        /// before
         /// [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
-        /// The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
-        /// used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// The CA will not be part of the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and
+        /// will not be used to issue certificates from the
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool].
         /// </summary>
         [pbr::OriginalName("DELETED")] Deleted = 5,
       }
@@ -1438,7 +1516,9 @@ public enum SignHashAlgorithm {
       }
 
       /// <summary>
-      /// URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
+      /// URLs where a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// will publish content.
       /// </summary>
       public sealed partial class AccessUrls : pb::IMessage<AccessUrls>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -1489,8 +1569,10 @@ public sealed partial class AccessUrls : pb::IMessage<AccessUrls>
         public const int CaCertificateAccessUrlFieldNumber = 1;
         private string caCertificateAccessUrl_ = "";
         /// <summary>
-        /// The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
-        /// published. This will only be set for CAs that have been activated.
+        /// The URL where this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+        /// CA certificate is published. This will only be set for CAs that have been
+        /// activated.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1507,8 +1589,10 @@ public sealed partial class AccessUrls : pb::IMessage<AccessUrls>
             = pb::FieldCodec.ForString(18);
         private readonly pbc::RepeatedField<string> crlAccessUrls_ = new pbc::RepeatedField<string>();
         /// <summary>
-        /// The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
-        /// will only be set for CAs that have been activated.
+        /// The URLs where this
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+        /// CRLs are published. This will only be set for CAs that have been
+        /// activated.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1664,7 +1748,9 @@ public sealed partial class AccessUrls : pb::IMessage<AccessUrls>
       }
 
       /// <summary>
-      /// A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
+      /// A Cloud KMS key configuration that a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// will use.
       /// </summary>
       public sealed partial class KeyVersionSpec : pb::IMessage<KeyVersionSpec>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -1946,10 +2032,12 @@ public enum KeyVersionOneofCase {
 
   /// <summary>
   /// A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
-  /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A
-  /// [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more
-  /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out
-  /// of the trust anchor.
+  /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+  /// that form a trust anchor. A
+  /// [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage
+  /// issuance policies for one or more
+  /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  /// resources and to rotate CA certificates in and out of the trust anchor.
   /// </summary>
   public sealed partial class CaPool : pb::IMessage<CaPool>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -2003,8 +2091,9 @@ public sealed partial class CaPool : pb::IMessage<CaPool>
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-    /// format `projects/*/locations/*/caPools/*`.
+    /// Output only. The resource name for this
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+    /// `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2019,7 +2108,9 @@ public sealed partial class CaPool : pb::IMessage<CaPool>
     public const int TierFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.Tier tier_ = global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.Tier.Unspecified;
     /// <summary>
-    /// Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+    /// Required. Immutable. The
+    /// [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2034,8 +2125,11 @@ public sealed partial class CaPool : pb::IMessage<CaPool>
     public const int IssuancePolicyFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy issuancePolicy_;
     /// <summary>
-    /// Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
-    /// will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+    /// Optional. The
+    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+    /// to control how
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate] will be
+    /// issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2050,9 +2144,12 @@ public sealed partial class CaPool : pb::IMessage<CaPool>
     public const int PublishingOptionsFieldNumber = 4;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.PublishingOptions publishingOptions_;
     /// <summary>
-    /// Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
-    /// [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
-    /// [CaPool][google.cloud.security.privateca.v1.CaPool].
+    /// Optional. The
+    /// [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions]
+    /// to follow when issuing
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate] from any
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in this [CaPool][google.cloud.security.privateca.v1.CaPool].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2318,8 +2415,8 @@ public sealed partial class CaPool : pb::IMessage<CaPool>
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or
-      /// billing SKU.
+      /// The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool],
+      /// indicating its supported functionality and/or billing SKU.
       /// </summary>
       public enum Tier {
         /// <summary>
@@ -2337,10 +2434,13 @@ public enum Tier {
       }
 
       /// <summary>
-      /// Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA
-      /// certificate and CRLs and their inclusion as extensions in issued
-      /// [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates
-      /// issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+      /// Options relating to the publication of each
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+      /// CA certificate and CRLs and their inclusion as extensions in issued
+      /// [Certificates][google.cloud.security.privateca.v1.Certificate]. The options
+      /// set here apply to certificates issued by any
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       public sealed partial class PublishingOptions : pb::IMessage<PublishingOptions>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -2391,11 +2491,13 @@ public sealed partial class PublishingOptions : pb::IMessage<PublishingOptions>
         public const int PublishCaCertFieldNumber = 1;
         private bool publishCaCert_;
         /// <summary>
-        /// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
-        /// includes its URL in the "Authority Information Access" X.509 extension
-        /// in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
-        /// certificate will not be published and the corresponding X.509 extension
-        /// will not be written in issued certificates.
+        /// Optional. When true, publishes each
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+        /// CA certificate and includes its URL in the "Authority Information Access"
+        /// X.509 extension in all issued
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+        /// is false, the CA certificate will not be published and the corresponding
+        /// X.509 extension will not be written in issued certificates.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2410,13 +2512,15 @@ public sealed partial class PublishingOptions : pb::IMessage<PublishingOptions>
         public const int PublishCrlFieldNumber = 2;
         private bool publishCrl_;
         /// <summary>
-        /// Optional. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
-        /// URL in the "CRL Distribution Points" X.509 extension in all issued
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
-        /// and the corresponding X.509 extension will not be written in issued
-        /// certificates.
-        /// CRLs will expire 7 days from their creation. However, we will rebuild
-        /// daily. CRLs are also rebuilt shortly after a certificate is revoked.
+        /// Optional. When true, publishes each
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s
+        /// CRL and includes its URL in the "CRL Distribution Points" X.509 extension
+        /// in all issued
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. If this
+        /// is false, CRLs will not be published and the corresponding X.509
+        /// extension will not be written in issued certificates. CRLs will expire 7
+        /// days from their creation. However, we will rebuild daily. CRLs are also
+        /// rebuilt shortly after a certificate is revoked.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2585,7 +2689,8 @@ public sealed partial class PublishingOptions : pb::IMessage<PublishingOptions>
       }
 
       /// <summary>
-      /// Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
+      /// Defines controls over all certificate issuance within a
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -2642,9 +2747,10 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
             = pb::FieldCodec.ForMessage(10, global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType.Parser);
         private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType> allowedKeyTypes_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType>();
         /// <summary>
-        /// Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
-        /// public key must match one of the key types listed here. Otherwise,
-        /// any key may be used.
+        /// Optional. If any
+        /// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+        /// is specified, then the certificate request's public key must match one of
+        /// the key types listed here. Otherwise, any key may be used.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2656,10 +2762,14 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         public const int MaximumLifetimeFieldNumber = 2;
         private global::Google.Protobuf.WellKnownTypes.Duration maximumLifetime_;
         /// <summary>
-        /// Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
-        /// that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
-        /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
-        /// be explicitly truncated to match it.
+        /// Optional. The maximum lifetime allowed for issued
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
+        /// if the issuing
+        /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+        /// expires before a
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
+        /// maximum_lifetime, the effective lifetime will be explicitly truncated to
+        /// match it.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2674,8 +2784,10 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         public const int AllowedIssuanceModesFieldNumber = 3;
         private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.IssuanceModes allowedIssuanceModes_;
         /// <summary>
-        /// Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
-        /// used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+        /// Optional. If specified, then only methods allowed in the
+        /// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+        /// may be used to issue
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2690,13 +2802,15 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         public const int BaselineValuesFieldNumber = 4;
         private global::Google.Cloud.Security.PrivateCA.V1.X509Parameters baselineValues_;
         /// <summary>
-        /// Optional. A set of X.509 values that will be applied to all certificates issued
-        /// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
-        /// values for the same properties, they will be overwritten by the values
-        /// defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// Optional. A set of X.509 values that will be applied to all certificates
+        /// issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+        /// If a certificate request includes conflicting values for the same
+        /// properties, they will be overwritten by the values defined here. If a
+        /// certificate request uses a
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
         /// that defines conflicting
-        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
-        /// properties, the certificate issuance request will fail.
+        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+        /// for the same properties, the certificate issuance request will fail.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2712,9 +2826,10 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         private global::Google.Cloud.Security.PrivateCA.V1.CertificateIdentityConstraints identityConstraints_;
         /// <summary>
         /// Optional. Describes constraints on identities that may appear in
-        /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
-        /// If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-        /// certificate's identity.
+        /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued
+        /// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
+        /// is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
+        /// will not add restrictions on a certificate's identity.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2730,15 +2845,21 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         private global::Google.Cloud.Security.PrivateCA.V1.CertificateExtensionConstraints passthroughExtensions_;
         /// <summary>
         /// Optional. Describes the set of X.509 extensions that may appear in a
-        /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
-        /// sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+        /// through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
+        /// certificate request sets extensions that don't appear in the
+        /// [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
         /// those extensions will be dropped. If a certificate request uses a
-        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
-        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
-        /// appear here, the certificate issuance request will fail. If this is
-        /// omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
-        /// certificate's X.509 extensions. These constraints do not apply to X.509
-        /// extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+        /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+        /// with
+        /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
+        /// that don't appear here, the certificate issuance request will fail. If
+        /// this is omitted, then this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
+        /// restrictions on a certificate's X.509 extensions. These constraints do
+        /// not apply to X.509 extensions set in this
+        /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+        /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3041,11 +3162,12 @@ public sealed partial class IssuancePolicy : pb::IMessage<IssuancePolicy>
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
         public static partial class Types {
           /// <summary>
-          /// Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued
-          /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
-          /// Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a
-          /// fully-qualified key algorithm, such as RSA 4096, or a family of key
-          /// algorithms, such as any RSA key.
+          /// Describes a "type" of key that may be used in a
+          /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
+          /// a [CaPool][google.cloud.security.privateca.v1.CaPool]. Note that a single
+          /// [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
+          /// may refer to either a fully-qualified key algorithm, such as RSA 4096, or
+          /// a family of key algorithms, such as any RSA key.
           /// </summary>
           public sealed partial class AllowedKeyType : pb::IMessage<AllowedKeyType>
           #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -3342,8 +3464,9 @@ public enum KeyTypeOneofCase {
             [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
             public static partial class Types {
               /// <summary>
-              /// Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
-              /// a [CaPool][google.cloud.security.privateca.v1.CaPool].
+              /// Describes an RSA key that may be used in a
+              /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+              /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
               /// </summary>
               public sealed partial class RsaKeyType : pb::IMessage<RsaKeyType>
               #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -3394,9 +3517,9 @@ public sealed partial class RsaKeyType : pb::IMessage<RsaKeyType>
                 public const int MinModulusSizeFieldNumber = 1;
                 private long minModulusSize_;
                 /// <summary>
-                /// Optional. The minimum allowed RSA modulus size (inclusive), in bits. If this is
-                /// not set, or if set to zero, the service-level min RSA modulus size
-                /// will continue to apply.
+                /// Optional. The minimum allowed RSA modulus size (inclusive), in bits.
+                /// If this is not set, or if set to zero, the service-level min RSA
+                /// modulus size will continue to apply.
                 /// </summary>
                 [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
                 [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3411,9 +3534,9 @@ public sealed partial class RsaKeyType : pb::IMessage<RsaKeyType>
                 public const int MaxModulusSizeFieldNumber = 2;
                 private long maxModulusSize_;
                 /// <summary>
-                /// Optional. The maximum allowed RSA modulus size (inclusive), in bits. If this is
-                /// not set, or if set to zero, the service will not enforce an explicit
-                /// upper bound on RSA modulus sizes.
+                /// Optional. The maximum allowed RSA modulus size (inclusive), in bits.
+                /// If this is not set, or if set to zero, the service will not enforce
+                /// an explicit upper bound on RSA modulus sizes.
                 /// </summary>
                 [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
                 [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3582,8 +3705,9 @@ public sealed partial class RsaKeyType : pb::IMessage<RsaKeyType>
               }
 
               /// <summary>
-              /// Describes an Elliptic Curve key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
-              /// issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+              /// Describes an Elliptic Curve key that may be used in a
+              /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+              /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
               /// </summary>
               public sealed partial class EcKeyType : pb::IMessage<EcKeyType>
               #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -3633,8 +3757,8 @@ public sealed partial class EcKeyType : pb::IMessage<EcKeyType>
                 public const int SignatureAlgorithmFieldNumber = 1;
                 private global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType.Types.EcKeyType.Types.EcSignatureAlgorithm signatureAlgorithm_ = global::Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType.Types.EcKeyType.Types.EcSignatureAlgorithm.Unspecified;
                 /// <summary>
-                /// Optional. A signature algorithm that must be used. If this is omitted, any
-                /// EC-based signature algorithm will be allowed.
+                /// Optional. A signature algorithm that must be used. If this is
+                /// omitted, any EC-based signature algorithm will be allowed.
                 /// </summary>
                 [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
                 [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3783,7 +3907,9 @@ public sealed partial class EcKeyType : pb::IMessage<EcKeyType>
                 public static partial class Types {
                   /// <summary>
                   /// Describes an elliptic curve-based signature algorithm that may be
-                  /// used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+                  /// used in a
+                  /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+                  /// from a [CaPool][google.cloud.security.privateca.v1.CaPool].
                   /// </summary>
                   public enum EcSignatureAlgorithm {
                     /// <summary>
@@ -3818,9 +3944,10 @@ public enum EcSignatureAlgorithm {
           }
 
           /// <summary>
-          /// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which
-          /// [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this
-          /// [CaPool][google.cloud.security.privateca.v1.CaPool].
+          /// [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
+          /// specifies the allowed ways in which
+          /// [Certificates][google.cloud.security.privateca.v1.Certificate] may be
+          /// requested from this [CaPool][google.cloud.security.privateca.v1.CaPool].
           /// </summary>
           public sealed partial class IssuanceModes : pb::IMessage<IssuanceModes>
           #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -3871,7 +3998,8 @@ public sealed partial class IssuanceModes : pb::IMessage<IssuanceModes>
             public const int AllowCsrBasedIssuanceFieldNumber = 1;
             private bool allowCsrBasedIssuance_;
             /// <summary>
-            /// Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+            /// Optional. When true, allows callers to create
+            /// [Certificates][google.cloud.security.privateca.v1.Certificate] by
             /// specifying a CSR.
             /// </summary>
             [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -3887,8 +4015,10 @@ public sealed partial class IssuanceModes : pb::IMessage<IssuanceModes>
             public const int AllowConfigBasedIssuanceFieldNumber = 2;
             private bool allowConfigBasedIssuance_;
             /// <summary>
-            /// Optional. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
-            /// specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+            /// Optional. When true, allows callers to create
+            /// [Certificates][google.cloud.security.privateca.v1.Certificate] by
+            /// specifying a
+            /// [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
             /// </summary>
             [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
             [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4067,9 +4197,10 @@ public sealed partial class IssuanceModes : pb::IMessage<IssuanceModes>
   }
 
   /// <summary>
-  /// A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate
-  /// Revocation List (CRL). A CRL contains the serial numbers of certificates that
-  /// should no longer be trusted.
+  /// A
+  /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+  /// corresponds to a signed X.509 certificate Revocation List (CRL). A CRL
+  /// contains the serial numbers of certificates that should no longer be trusted.
   /// </summary>
   public sealed partial class CertificateRevocationList : pb::IMessage<CertificateRevocationList>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -4128,9 +4259,9 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
-    /// the format
-    /// `projects/*/locations/*/caPools/*certificateAuthorities/*/
+    /// Output only. The resource name for this
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// in the format `projects/*/locations/*/caPools/*certificateAuthorities/*/
     ///    certificateRevocationLists/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -4205,7 +4336,10 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     public const int StateFieldNumber = 6;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList.Types.State state_ = global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList.Types.State.Unspecified;
     /// <summary>
-    /// Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+    /// Output only. The
+    /// [State][google.cloud.security.privateca.v1.CertificateRevocationList.State]
+    /// for this
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4220,7 +4354,9 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     public const int CreateTimeFieldNumber = 7;
     private global::Google.Protobuf.WellKnownTypes.Timestamp createTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+    /// Output only. The time at which this
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// was created.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4235,7 +4371,9 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     public const int UpdateTimeFieldNumber = 8;
     private global::Google.Protobuf.WellKnownTypes.Timestamp updateTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+    /// Output only. The time at which this
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// was updated.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4250,9 +4388,10 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     public const int RevisionIdFieldNumber = 9;
     private string revisionId_ = "";
     /// <summary>
-    /// Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
-    /// committed whenever a new CRL is published. The format is an 8-character
-    /// hexadecimal string.
+    /// Output only. The revision ID of this
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+    /// A new revision is committed whenever a new CRL is published. The format is
+    /// an 8-character hexadecimal string.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4628,7 +4767,9 @@ public sealed partial class CertificateRevocationList : pb::IMessage<Certificate
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// The state of a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.
+      /// The state of a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList],
+      /// indicating if it is current.
       /// </summary>
       public enum State {
         /// <summary>
@@ -4636,17 +4777,22 @@ public enum State {
         /// </summary>
         [pbr::OriginalName("STATE_UNSPECIFIED")] Unspecified = 0,
         /// <summary>
-        /// The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
+        /// The
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// is up to date.
         /// </summary>
         [pbr::OriginalName("ACTIVE")] Active = 1,
         /// <summary>
-        /// The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
+        /// The
+        /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+        /// is no longer current.
         /// </summary>
         [pbr::OriginalName("SUPERSEDED")] Superseded = 2,
       }
 
       /// <summary>
-      /// Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Describes a revoked
+      /// [Certificate][google.cloud.security.privateca.v1.Certificate].
       /// </summary>
       public sealed partial class RevokedCertificate : pb::IMessage<RevokedCertificate>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -4698,8 +4844,9 @@ public sealed partial class RevokedCertificate : pb::IMessage<RevokedCertificate
         public const int CertificateFieldNumber = 1;
         private string certificate_ = "";
         /// <summary>
-        /// The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
-        /// `projects/*/locations/*/caPools/*/certificates/*`.
+        /// The resource name for the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the
+        /// format `projects/*/locations/*/caPools/*/certificates/*`.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4714,7 +4861,8 @@ public sealed partial class RevokedCertificate : pb::IMessage<RevokedCertificate
         public const int HexSerialNumberFieldNumber = 2;
         private string hexSerialNumber_ = "";
         /// <summary>
-        /// The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+        /// The serial number of the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate].
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4729,7 +4877,9 @@ public sealed partial class RevokedCertificate : pb::IMessage<RevokedCertificate
         public const int RevocationReasonFieldNumber = 3;
         private global::Google.Cloud.Security.PrivateCA.V1.RevocationReason revocationReason_ = global::Google.Cloud.Security.PrivateCA.V1.RevocationReason.Unspecified;
         /// <summary>
-        /// The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+        /// The reason the
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
+        /// revoked.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4927,7 +5077,8 @@ public sealed partial class RevokedCertificate : pb::IMessage<RevokedCertificate
   }
 
   /// <summary>
-  /// A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a
+  /// A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds
+  /// to a signed X.509 certificate issued by a
   /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
   /// </summary>
   public sealed partial class Certificate : pb::IMessage<Certificate>
@@ -4998,7 +5149,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+    /// Output only. The resource name for this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
     /// `projects/*/locations/*/caPools/*/certificates/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -5028,8 +5180,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     /// <summary>Field number for the "config" field.</summary>
     public const int ConfigFieldNumber = 3;
     /// <summary>
-    /// Immutable. A description of the certificate and key that does not require X.509 or
-    /// ASN.1.
+    /// Immutable. A description of the certificate and key that does not require
+    /// X.509 or ASN.1.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5045,8 +5197,9 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int IssuerCertificateAuthorityFieldNumber = 4;
     private string issuerCertificateAuthority_ = "";
     /// <summary>
-    /// Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
-    /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Output only. The resource name of the issuing
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5061,8 +5214,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int LifetimeFieldNumber = 5;
     private global::Google.Protobuf.WellKnownTypes.Duration lifetime_;
     /// <summary>
-    /// Required. Immutable. The desired lifetime of a certificate. Used to create the
-    /// "not_before_time" and "not_after_time" fields inside an X.509
+    /// Required. Immutable. The desired lifetime of a certificate. Used to create
+    /// the "not_before_time" and "not_after_time" fields inside an X.509
     /// certificate. Note that the lifetime may be truncated if it would extend
     /// past the life of any certificate authority in the issuing chain.
     /// </summary>
@@ -5079,12 +5232,14 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int CertificateTemplateFieldNumber = 6;
     private string certificateTemplate_ = "";
     /// <summary>
-    /// Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
-    /// certificate, in the format
+    /// Immutable. The resource name for a
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// used to issue this certificate, in the format
     /// `projects/*/locations/*/certificateTemplates/*`.
     /// If this is specified, the caller must have the necessary permission to
     /// use this template. If this is omitted, no template will be used.
-    /// This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+    /// This template must be in the same location as the
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5099,8 +5254,10 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int SubjectModeFieldNumber = 7;
     private global::Google.Cloud.Security.PrivateCA.V1.SubjectRequestMode subjectMode_ = global::Google.Cloud.Security.PrivateCA.V1.SubjectRequestMode.Unspecified;
     /// <summary>
-    /// Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
-    /// If this is omitted, the `DEFAULT` subject mode will be used.
+    /// Immutable. Specifies how the
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity
+    /// fields are to be decided. If this is omitted, the `DEFAULT` subject mode
+    /// will be used.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5115,8 +5272,10 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int RevocationDetailsFieldNumber = 8;
     private global::Google.Cloud.Security.PrivateCA.V1.Certificate.Types.RevocationDetails revocationDetails_;
     /// <summary>
-    /// Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
-    /// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+    /// Output only. Details regarding the revocation of this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] is considered
+    /// revoked if and only if this field is present.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5163,8 +5322,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
         = pb::FieldCodec.ForString(90);
     private readonly pbc::RepeatedField<string> pemCertificateChain_ = new pbc::RepeatedField<string>();
     /// <summary>
-    /// Output only. The chain that may be used to verify the X.509 certificate. Expected to be
-    /// in issuer-to-root order according to RFC 5246.
+    /// Output only. The chain that may be used to verify the X.509 certificate.
+    /// Expected to be in issuer-to-root order according to RFC 5246.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5176,7 +5335,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int CreateTimeFieldNumber = 12;
     private global::Google.Protobuf.WellKnownTypes.Timestamp createTime_;
     /// <summary>
-    /// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+    /// Output only. The time at which this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5191,7 +5351,8 @@ public sealed partial class Certificate : pb::IMessage<Certificate>
     public const int UpdateTimeFieldNumber = 13;
     private global::Google.Protobuf.WellKnownTypes.Timestamp updateTime_;
     /// <summary>
-    /// Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+    /// Output only. The time at which this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5729,7 +5890,8 @@ public enum CertificateConfigOneofCase {
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Describes fields that are relavent to the revocation of a
+      /// [Certificate][google.cloud.security.privateca.v1.Certificate].
       /// </summary>
       public sealed partial class RevocationDetails : pb::IMessage<RevocationDetails>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -5780,7 +5942,9 @@ public sealed partial class RevocationDetails : pb::IMessage<RevocationDetails>
         public const int RevocationStateFieldNumber = 1;
         private global::Google.Cloud.Security.PrivateCA.V1.RevocationReason revocationState_ = global::Google.Cloud.Security.PrivateCA.V1.RevocationReason.Unspecified;
         /// <summary>
-        /// Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+        /// Indicates why a
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
+        /// revoked.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5795,7 +5959,9 @@ public sealed partial class RevocationDetails : pb::IMessage<RevocationDetails>
         public const int RevocationTimeFieldNumber = 2;
         private global::Google.Protobuf.WellKnownTypes.Timestamp revocationTime_;
         /// <summary>
-        /// The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+        /// The time at which this
+        /// [Certificate][google.cloud.security.privateca.v1.Certificate] was
+        /// revoked.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5978,8 +6144,9 @@ public sealed partial class RevocationDetails : pb::IMessage<RevocationDetails>
   }
 
   /// <summary>
-  /// A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate
-  /// issuance.
+  /// A
+  /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  /// refers to a managed template for certificate issuance.
   /// </summary>
   public sealed partial class CertificateTemplate : pb::IMessage<CertificateTemplate>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -6036,8 +6203,9 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-    /// `projects/*/locations/*/certificateTemplates/*`.
+    /// Output only. The resource name for this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// in the format `projects/*/locations/*/certificateTemplates/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6052,13 +6220,15 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     public const int PredefinedValuesFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.X509Parameters predefinedValues_;
     /// <summary>
-    /// Optional. A set of X.509 values that will be applied to all issued certificates that
-    /// use this template. If the certificate request includes conflicting values
-    /// for the same properties, they will be overwritten by the values defined
-    /// here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+    /// Optional. A set of X.509 values that will be applied to all issued
+    /// certificates that use this template. If the certificate request includes
+    /// conflicting values for the same properties, they will be overwritten by the
+    /// values defined here. If the issuing
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
     /// defines conflicting
-    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
-    /// properties, the certificate issuance request will fail.
+    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+    /// for the same properties, the certificate issuance request will fail.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6074,8 +6244,9 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateIdentityConstraints identityConstraints_;
     /// <summary>
     /// Optional. Describes constraints on identities that may be appear in
-    /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
-    /// then this template will not add restrictions on a certificate's identity.
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate] issued using
+    /// this template. If this is omitted, then this template will not add
+    /// restrictions on a certificate's identity.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6091,15 +6262,22 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateExtensionConstraints passthroughExtensions_;
     /// <summary>
     /// Optional. Describes the set of X.509 extensions that may appear in a
-    /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
-    /// request sets extensions that don't appear in the
-    /// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
-    /// issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
-    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
-    /// here, the certificate issuance request will fail. If this is omitted, then
-    /// this template will not add restrictions on a certificate's X.509
-    /// extensions. These constraints do not apply to X.509 extensions set in this
-    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] issued using
+    /// this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+    /// If a certificate request sets extensions that don't appear in the
+    /// [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions],
+    /// those extensions will be dropped. If the issuing
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+    /// [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+    /// defines
+    /// [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values]
+    /// that don't appear here, the certificate issuance request will fail. If this
+    /// is omitted, then this template will not add restrictions on a certificate's
+    /// X.509 extensions. These constraints do not apply to X.509 extensions set in
+    /// this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s
+    /// [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6114,7 +6292,8 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     public const int DescriptionFieldNumber = 5;
     private string description_ = "";
     /// <summary>
-    /// Optional. A human-readable description of scenarios this template is intended for.
+    /// Optional. A human-readable description of scenarios this template is
+    /// intended for.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6129,7 +6308,9 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     public const int CreateTimeFieldNumber = 6;
     private global::Google.Protobuf.WellKnownTypes.Timestamp createTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+    /// Output only. The time at which this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// was created.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6144,7 +6325,9 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
     public const int UpdateTimeFieldNumber = 7;
     private global::Google.Protobuf.WellKnownTypes.Timestamp updateTime_;
     /// <summary>
-    /// Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+    /// Output only. The time at which this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// was updated.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6506,9 +6689,10 @@ public sealed partial class CertificateTemplate : pb::IMessage<CertificateTempla
   }
 
   /// <summary>
-  /// An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an
-  /// X.509 certificate, such as the key usage fields, fields specific to CA
-  /// certificates, certificate policy extensions and custom extensions.
+  /// An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is
+  /// used to describe certain fields of an X.509 certificate, such as the key
+  /// usage fields, fields specific to CA certificates, certificate policy
+  /// extensions and custom extensions.
   /// </summary>
   public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -6548,6 +6732,7 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       caOptions_ = other.caOptions_ != null ? other.caOptions_.Clone() : null;
       policyIds_ = other.policyIds_.Clone();
       aiaOcspServers_ = other.aiaOcspServers_.Clone();
+      nameConstraints_ = other.nameConstraints_ != null ? other.nameConstraints_.Clone() : null;
       additionalExtensions_ = other.additionalExtensions_.Clone();
       _unknownFields = pb::UnknownFieldSet.Clone(other._unknownFields);
     }
@@ -6562,7 +6747,8 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
     public const int KeyUsageFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.KeyUsage keyUsage_;
     /// <summary>
-    /// Optional. Indicates the intended use for keys that correspond to a certificate.
+    /// Optional. Indicates the intended use for keys that correspond to a
+    /// certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6577,8 +6763,9 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
     public const int CaOptionsFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.CaOptions caOptions_;
     /// <summary>
-    /// Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
-    /// certificate.
+    /// Optional. Describes options in this
+    /// [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that
+    /// are relevant in a CA certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6610,9 +6797,9 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
         = pb::FieldCodec.ForString(34);
     private readonly pbc::RepeatedField<string> aiaOcspServers_ = new pbc::RepeatedField<string>();
     /// <summary>
-    /// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
-    /// that appear in the "Authority Information Access" extension in the
-    /// certificate.
+    /// Optional. Describes Online Certificate Status Protocol (OCSP) endpoint
+    /// addresses that appear in the "Authority Information Access" extension in
+    /// the certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6620,6 +6807,21 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       get { return aiaOcspServers_; }
     }
 
+    /// <summary>Field number for the "name_constraints" field.</summary>
+    public const int NameConstraintsFieldNumber = 6;
+    private global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints nameConstraints_;
+    /// <summary>
+    /// Optional. Describes the X.509 name constraints extension.
+    /// </summary>
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+    [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+    public global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints NameConstraints {
+      get { return nameConstraints_; }
+      set {
+        nameConstraints_ = value;
+      }
+    }
+
     /// <summary>Field number for the "additional_extensions" field.</summary>
     public const int AdditionalExtensionsFieldNumber = 5;
     private static readonly pb::FieldCodec<global::Google.Cloud.Security.PrivateCA.V1.X509Extension> _repeated_additionalExtensions_codec
@@ -6653,6 +6855,7 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       if (!object.Equals(CaOptions, other.CaOptions)) return false;
       if(!policyIds_.Equals(other.policyIds_)) return false;
       if(!aiaOcspServers_.Equals(other.aiaOcspServers_)) return false;
+      if (!object.Equals(NameConstraints, other.NameConstraints)) return false;
       if(!additionalExtensions_.Equals(other.additionalExtensions_)) return false;
       return Equals(_unknownFields, other._unknownFields);
     }
@@ -6665,6 +6868,7 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       if (caOptions_ != null) hash ^= CaOptions.GetHashCode();
       hash ^= policyIds_.GetHashCode();
       hash ^= aiaOcspServers_.GetHashCode();
+      if (nameConstraints_ != null) hash ^= NameConstraints.GetHashCode();
       hash ^= additionalExtensions_.GetHashCode();
       if (_unknownFields != null) {
         hash ^= _unknownFields.GetHashCode();
@@ -6695,6 +6899,10 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       policyIds_.WriteTo(output, _repeated_policyIds_codec);
       aiaOcspServers_.WriteTo(output, _repeated_aiaOcspServers_codec);
       additionalExtensions_.WriteTo(output, _repeated_additionalExtensions_codec);
+      if (nameConstraints_ != null) {
+        output.WriteRawTag(50);
+        output.WriteMessage(NameConstraints);
+      }
       if (_unknownFields != null) {
         _unknownFields.WriteTo(output);
       }
@@ -6716,6 +6924,10 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       policyIds_.WriteTo(ref output, _repeated_policyIds_codec);
       aiaOcspServers_.WriteTo(ref output, _repeated_aiaOcspServers_codec);
       additionalExtensions_.WriteTo(ref output, _repeated_additionalExtensions_codec);
+      if (nameConstraints_ != null) {
+        output.WriteRawTag(50);
+        output.WriteMessage(NameConstraints);
+      }
       if (_unknownFields != null) {
         _unknownFields.WriteTo(ref output);
       }
@@ -6734,6 +6946,9 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       }
       size += policyIds_.CalculateSize(_repeated_policyIds_codec);
       size += aiaOcspServers_.CalculateSize(_repeated_aiaOcspServers_codec);
+      if (nameConstraints_ != null) {
+        size += 1 + pb::CodedOutputStream.ComputeMessageSize(NameConstraints);
+      }
       size += additionalExtensions_.CalculateSize(_repeated_additionalExtensions_codec);
       if (_unknownFields != null) {
         size += _unknownFields.CalculateSize();
@@ -6761,6 +6976,12 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
       }
       policyIds_.Add(other.policyIds_);
       aiaOcspServers_.Add(other.aiaOcspServers_);
+      if (other.nameConstraints_ != null) {
+        if (nameConstraints_ == null) {
+          NameConstraints = new global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints();
+        }
+        NameConstraints.MergeFrom(other.NameConstraints);
+      }
       additionalExtensions_.Add(other.additionalExtensions_);
       _unknownFields = pb::UnknownFieldSet.MergeFrom(_unknownFields, other._unknownFields);
     }
@@ -6803,6 +7024,13 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
             additionalExtensions_.AddEntriesFrom(input, _repeated_additionalExtensions_codec);
             break;
           }
+          case 50: {
+            if (nameConstraints_ == null) {
+              NameConstraints = new global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints();
+            }
+            input.ReadMessage(NameConstraints);
+            break;
+          }
         }
       }
     #endif
@@ -6844,6 +7072,13 @@ public sealed partial class X509Parameters : pb::IMessage<X509Parameters>
             additionalExtensions_.AddEntriesFrom(ref input, _repeated_additionalExtensions_codec);
             break;
           }
+          case 50: {
+            if (nameConstraints_ == null) {
+              NameConstraints = new global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Types.NameConstraints();
+            }
+            input.ReadMessage(NameConstraints);
+            break;
+          }
         }
       }
     }
@@ -6908,8 +7143,9 @@ public sealed partial class CaOptions : pb::IMessage<CaOptions>
         public const int IsCaFieldNumber = 1;
         private bool isCa_;
         /// <summary>
-        /// Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
-        /// value is missing, the extension will be omitted from the CA certificate.
+        /// Optional. Refers to the "CA" X.509 extension, which is a boolean value.
+        /// When this value is missing, the extension will be omitted from the CA
+        /// certificate.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7123,6 +7359,458 @@ public sealed partial class CaOptions : pb::IMessage<CaOptions>
 
       }
 
+      /// <summary>
+      /// Describes the X.509 name constraints extension, per
+      /// https://tools.ietf.org/html/rfc5280#section-4.2.1.10
+      /// </summary>
+      public sealed partial class NameConstraints : pb::IMessage<NameConstraints>
+      #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
+          , pb::IBufferMessage
+      #endif
+      {
+        private static readonly pb::MessageParser<NameConstraints> _parser = new pb::MessageParser<NameConstraints>(() => new NameConstraints());
+        private pb::UnknownFieldSet _unknownFields;
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public static pb::MessageParser<NameConstraints> Parser { get { return _parser; } }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public static pbr::MessageDescriptor Descriptor {
+          get { return global::Google.Cloud.Security.PrivateCA.V1.X509Parameters.Descriptor.NestedTypes[1]; }
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        pbr::MessageDescriptor pb::IMessage.Descriptor {
+          get { return Descriptor; }
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public NameConstraints() {
+          OnConstruction();
+        }
+
+        partial void OnConstruction();
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public NameConstraints(NameConstraints other) : this() {
+          critical_ = other.critical_;
+          permittedDnsNames_ = other.permittedDnsNames_.Clone();
+          excludedDnsNames_ = other.excludedDnsNames_.Clone();
+          permittedIpRanges_ = other.permittedIpRanges_.Clone();
+          excludedIpRanges_ = other.excludedIpRanges_.Clone();
+          permittedEmailAddresses_ = other.permittedEmailAddresses_.Clone();
+          excludedEmailAddresses_ = other.excludedEmailAddresses_.Clone();
+          permittedUris_ = other.permittedUris_.Clone();
+          excludedUris_ = other.excludedUris_.Clone();
+          _unknownFields = pb::UnknownFieldSet.Clone(other._unknownFields);
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public NameConstraints Clone() {
+          return new NameConstraints(this);
+        }
+
+        /// <summary>Field number for the "critical" field.</summary>
+        public const int CriticalFieldNumber = 1;
+        private bool critical_;
+        /// <summary>
+        /// Indicates whether or not the name constraints are marked critical.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public bool Critical {
+          get { return critical_; }
+          set {
+            critical_ = value;
+          }
+        }
+
+        /// <summary>Field number for the "permitted_dns_names" field.</summary>
+        public const int PermittedDnsNamesFieldNumber = 2;
+        private static readonly pb::FieldCodec<string> _repeated_permittedDnsNames_codec
+            = pb::FieldCodec.ForString(18);
+        private readonly pbc::RepeatedField<string> permittedDnsNames_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains permitted DNS names. Any DNS name that can be
+        /// constructed by simply adding zero or more labels to
+        /// the left-hand side of the name satisfies the name constraint.
+        /// For example, `example.com`, `www.example.com`, `www.sub.example.com`
+        /// would satisfy `example.com` while `example1.com` does not.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> PermittedDnsNames {
+          get { return permittedDnsNames_; }
+        }
+
+        /// <summary>Field number for the "excluded_dns_names" field.</summary>
+        public const int ExcludedDnsNamesFieldNumber = 3;
+        private static readonly pb::FieldCodec<string> _repeated_excludedDnsNames_codec
+            = pb::FieldCodec.ForString(26);
+        private readonly pbc::RepeatedField<string> excludedDnsNames_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains excluded DNS names. Any DNS name that can be
+        /// constructed by simply adding zero or more labels to
+        /// the left-hand side of the name satisfies the name constraint.
+        /// For example, `example.com`, `www.example.com`, `www.sub.example.com`
+        /// would satisfy `example.com` while `example1.com` does not.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> ExcludedDnsNames {
+          get { return excludedDnsNames_; }
+        }
+
+        /// <summary>Field number for the "permitted_ip_ranges" field.</summary>
+        public const int PermittedIpRangesFieldNumber = 4;
+        private static readonly pb::FieldCodec<string> _repeated_permittedIpRanges_codec
+            = pb::FieldCodec.ForString(34);
+        private readonly pbc::RepeatedField<string> permittedIpRanges_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the permitted IP ranges. For IPv4 addresses, the ranges
+        /// are expressed using CIDR notation as specified in RFC 4632.
+        /// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+        /// addresses.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> PermittedIpRanges {
+          get { return permittedIpRanges_; }
+        }
+
+        /// <summary>Field number for the "excluded_ip_ranges" field.</summary>
+        public const int ExcludedIpRangesFieldNumber = 5;
+        private static readonly pb::FieldCodec<string> _repeated_excludedIpRanges_codec
+            = pb::FieldCodec.ForString(42);
+        private readonly pbc::RepeatedField<string> excludedIpRanges_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the excluded IP ranges. For IPv4 addresses, the ranges
+        /// are expressed using CIDR notation as specified in RFC 4632.
+        /// For IPv6 addresses, the ranges are expressed in similar encoding as IPv4
+        /// addresses.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> ExcludedIpRanges {
+          get { return excludedIpRanges_; }
+        }
+
+        /// <summary>Field number for the "permitted_email_addresses" field.</summary>
+        public const int PermittedEmailAddressesFieldNumber = 6;
+        private static readonly pb::FieldCodec<string> _repeated_permittedEmailAddresses_codec
+            = pb::FieldCodec.ForString(50);
+        private readonly pbc::RepeatedField<string> permittedEmailAddresses_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the permitted email addresses. The value can be a particular
+        /// email address, a hostname to indicate all email addresses on that host or
+        /// a domain with a leading period (e.g. `.example.com`) to indicate
+        /// all email addresses in that domain.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> PermittedEmailAddresses {
+          get { return permittedEmailAddresses_; }
+        }
+
+        /// <summary>Field number for the "excluded_email_addresses" field.</summary>
+        public const int ExcludedEmailAddressesFieldNumber = 7;
+        private static readonly pb::FieldCodec<string> _repeated_excludedEmailAddresses_codec
+            = pb::FieldCodec.ForString(58);
+        private readonly pbc::RepeatedField<string> excludedEmailAddresses_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the excluded email addresses. The value can be a particular
+        /// email address, a hostname to indicate all email addresses on that host or
+        /// a domain with a leading period (e.g. `.example.com`) to indicate
+        /// all email addresses in that domain.
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> ExcludedEmailAddresses {
+          get { return excludedEmailAddresses_; }
+        }
+
+        /// <summary>Field number for the "permitted_uris" field.</summary>
+        public const int PermittedUrisFieldNumber = 8;
+        private static readonly pb::FieldCodec<string> _repeated_permittedUris_codec
+            = pb::FieldCodec.ForString(66);
+        private readonly pbc::RepeatedField<string> permittedUris_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the permitted URIs that apply to the host part of the name.
+        /// The value can be a hostname or a domain with a
+        /// leading period (like `.example.com`)
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> PermittedUris {
+          get { return permittedUris_; }
+        }
+
+        /// <summary>Field number for the "excluded_uris" field.</summary>
+        public const int ExcludedUrisFieldNumber = 9;
+        private static readonly pb::FieldCodec<string> _repeated_excludedUris_codec
+            = pb::FieldCodec.ForString(74);
+        private readonly pbc::RepeatedField<string> excludedUris_ = new pbc::RepeatedField<string>();
+        /// <summary>
+        /// Contains the excluded URIs that apply to the host part of the name.
+        /// The value can be a hostname or a domain with a
+        /// leading period (like `.example.com`)
+        /// </summary>
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public pbc::RepeatedField<string> ExcludedUris {
+          get { return excludedUris_; }
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public override bool Equals(object other) {
+          return Equals(other as NameConstraints);
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public bool Equals(NameConstraints other) {
+          if (ReferenceEquals(other, null)) {
+            return false;
+          }
+          if (ReferenceEquals(other, this)) {
+            return true;
+          }
+          if (Critical != other.Critical) return false;
+          if(!permittedDnsNames_.Equals(other.permittedDnsNames_)) return false;
+          if(!excludedDnsNames_.Equals(other.excludedDnsNames_)) return false;
+          if(!permittedIpRanges_.Equals(other.permittedIpRanges_)) return false;
+          if(!excludedIpRanges_.Equals(other.excludedIpRanges_)) return false;
+          if(!permittedEmailAddresses_.Equals(other.permittedEmailAddresses_)) return false;
+          if(!excludedEmailAddresses_.Equals(other.excludedEmailAddresses_)) return false;
+          if(!permittedUris_.Equals(other.permittedUris_)) return false;
+          if(!excludedUris_.Equals(other.excludedUris_)) return false;
+          return Equals(_unknownFields, other._unknownFields);
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public override int GetHashCode() {
+          int hash = 1;
+          if (Critical != false) hash ^= Critical.GetHashCode();
+          hash ^= permittedDnsNames_.GetHashCode();
+          hash ^= excludedDnsNames_.GetHashCode();
+          hash ^= permittedIpRanges_.GetHashCode();
+          hash ^= excludedIpRanges_.GetHashCode();
+          hash ^= permittedEmailAddresses_.GetHashCode();
+          hash ^= excludedEmailAddresses_.GetHashCode();
+          hash ^= permittedUris_.GetHashCode();
+          hash ^= excludedUris_.GetHashCode();
+          if (_unknownFields != null) {
+            hash ^= _unknownFields.GetHashCode();
+          }
+          return hash;
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public override string ToString() {
+          return pb::JsonFormatter.ToDiagnosticString(this);
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public void WriteTo(pb::CodedOutputStream output) {
+        #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
+          output.WriteRawMessage(this);
+        #else
+          if (Critical != false) {
+            output.WriteRawTag(8);
+            output.WriteBool(Critical);
+          }
+          permittedDnsNames_.WriteTo(output, _repeated_permittedDnsNames_codec);
+          excludedDnsNames_.WriteTo(output, _repeated_excludedDnsNames_codec);
+          permittedIpRanges_.WriteTo(output, _repeated_permittedIpRanges_codec);
+          excludedIpRanges_.WriteTo(output, _repeated_excludedIpRanges_codec);
+          permittedEmailAddresses_.WriteTo(output, _repeated_permittedEmailAddresses_codec);
+          excludedEmailAddresses_.WriteTo(output, _repeated_excludedEmailAddresses_codec);
+          permittedUris_.WriteTo(output, _repeated_permittedUris_codec);
+          excludedUris_.WriteTo(output, _repeated_excludedUris_codec);
+          if (_unknownFields != null) {
+            _unknownFields.WriteTo(output);
+          }
+        #endif
+        }
+
+        #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        void pb::IBufferMessage.InternalWriteTo(ref pb::WriteContext output) {
+          if (Critical != false) {
+            output.WriteRawTag(8);
+            output.WriteBool(Critical);
+          }
+          permittedDnsNames_.WriteTo(ref output, _repeated_permittedDnsNames_codec);
+          excludedDnsNames_.WriteTo(ref output, _repeated_excludedDnsNames_codec);
+          permittedIpRanges_.WriteTo(ref output, _repeated_permittedIpRanges_codec);
+          excludedIpRanges_.WriteTo(ref output, _repeated_excludedIpRanges_codec);
+          permittedEmailAddresses_.WriteTo(ref output, _repeated_permittedEmailAddresses_codec);
+          excludedEmailAddresses_.WriteTo(ref output, _repeated_excludedEmailAddresses_codec);
+          permittedUris_.WriteTo(ref output, _repeated_permittedUris_codec);
+          excludedUris_.WriteTo(ref output, _repeated_excludedUris_codec);
+          if (_unknownFields != null) {
+            _unknownFields.WriteTo(ref output);
+          }
+        }
+        #endif
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public int CalculateSize() {
+          int size = 0;
+          if (Critical != false) {
+            size += 1 + 1;
+          }
+          size += permittedDnsNames_.CalculateSize(_repeated_permittedDnsNames_codec);
+          size += excludedDnsNames_.CalculateSize(_repeated_excludedDnsNames_codec);
+          size += permittedIpRanges_.CalculateSize(_repeated_permittedIpRanges_codec);
+          size += excludedIpRanges_.CalculateSize(_repeated_excludedIpRanges_codec);
+          size += permittedEmailAddresses_.CalculateSize(_repeated_permittedEmailAddresses_codec);
+          size += excludedEmailAddresses_.CalculateSize(_repeated_excludedEmailAddresses_codec);
+          size += permittedUris_.CalculateSize(_repeated_permittedUris_codec);
+          size += excludedUris_.CalculateSize(_repeated_excludedUris_codec);
+          if (_unknownFields != null) {
+            size += _unknownFields.CalculateSize();
+          }
+          return size;
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public void MergeFrom(NameConstraints other) {
+          if (other == null) {
+            return;
+          }
+          if (other.Critical != false) {
+            Critical = other.Critical;
+          }
+          permittedDnsNames_.Add(other.permittedDnsNames_);
+          excludedDnsNames_.Add(other.excludedDnsNames_);
+          permittedIpRanges_.Add(other.permittedIpRanges_);
+          excludedIpRanges_.Add(other.excludedIpRanges_);
+          permittedEmailAddresses_.Add(other.permittedEmailAddresses_);
+          excludedEmailAddresses_.Add(other.excludedEmailAddresses_);
+          permittedUris_.Add(other.permittedUris_);
+          excludedUris_.Add(other.excludedUris_);
+          _unknownFields = pb::UnknownFieldSet.MergeFrom(_unknownFields, other._unknownFields);
+        }
+
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        public void MergeFrom(pb::CodedInputStream input) {
+        #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
+          input.ReadRawMessage(this);
+        #else
+          uint tag;
+          while ((tag = input.ReadTag()) != 0) {
+            switch(tag) {
+              default:
+                _unknownFields = pb::UnknownFieldSet.MergeFieldFrom(_unknownFields, input);
+                break;
+              case 8: {
+                Critical = input.ReadBool();
+                break;
+              }
+              case 18: {
+                permittedDnsNames_.AddEntriesFrom(input, _repeated_permittedDnsNames_codec);
+                break;
+              }
+              case 26: {
+                excludedDnsNames_.AddEntriesFrom(input, _repeated_excludedDnsNames_codec);
+                break;
+              }
+              case 34: {
+                permittedIpRanges_.AddEntriesFrom(input, _repeated_permittedIpRanges_codec);
+                break;
+              }
+              case 42: {
+                excludedIpRanges_.AddEntriesFrom(input, _repeated_excludedIpRanges_codec);
+                break;
+              }
+              case 50: {
+                permittedEmailAddresses_.AddEntriesFrom(input, _repeated_permittedEmailAddresses_codec);
+                break;
+              }
+              case 58: {
+                excludedEmailAddresses_.AddEntriesFrom(input, _repeated_excludedEmailAddresses_codec);
+                break;
+              }
+              case 66: {
+                permittedUris_.AddEntriesFrom(input, _repeated_permittedUris_codec);
+                break;
+              }
+              case 74: {
+                excludedUris_.AddEntriesFrom(input, _repeated_excludedUris_codec);
+                break;
+              }
+            }
+          }
+        #endif
+        }
+
+        #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
+        [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
+        [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
+        void pb::IBufferMessage.InternalMergeFrom(ref pb::ParseContext input) {
+          uint tag;
+          while ((tag = input.ReadTag()) != 0) {
+            switch(tag) {
+              default:
+                _unknownFields = pb::UnknownFieldSet.MergeFieldFrom(_unknownFields, ref input);
+                break;
+              case 8: {
+                Critical = input.ReadBool();
+                break;
+              }
+              case 18: {
+                permittedDnsNames_.AddEntriesFrom(ref input, _repeated_permittedDnsNames_codec);
+                break;
+              }
+              case 26: {
+                excludedDnsNames_.AddEntriesFrom(ref input, _repeated_excludedDnsNames_codec);
+                break;
+              }
+              case 34: {
+                permittedIpRanges_.AddEntriesFrom(ref input, _repeated_permittedIpRanges_codec);
+                break;
+              }
+              case 42: {
+                excludedIpRanges_.AddEntriesFrom(ref input, _repeated_excludedIpRanges_codec);
+                break;
+              }
+              case 50: {
+                permittedEmailAddresses_.AddEntriesFrom(ref input, _repeated_permittedEmailAddresses_codec);
+                break;
+              }
+              case 58: {
+                excludedEmailAddresses_.AddEntriesFrom(ref input, _repeated_excludedEmailAddresses_codec);
+                break;
+              }
+              case 66: {
+                permittedUris_.AddEntriesFrom(ref input, _repeated_permittedUris_codec);
+                break;
+              }
+              case 74: {
+                excludedUris_.AddEntriesFrom(ref input, _repeated_excludedUris_codec);
+                break;
+              }
+            }
+          }
+        }
+        #endif
+
+      }
+
     }
     #endregion
 
@@ -7130,7 +7818,9 @@ public sealed partial class CaOptions : pb::IMessage<CaOptions>
 
   /// <summary>
   /// Describes a subordinate CA's issuers. This is either a resource name to a
-  /// known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
+  /// known issuing
+  /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+  /// or a PEM issuer certificate chain.
   /// </summary>
   public sealed partial class SubordinateConfig : pb::IMessage<SubordinateConfig>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -7187,9 +7877,12 @@ public sealed partial class SubordinateConfig : pb::IMessage<SubordinateConfig>
     /// <summary>Field number for the "certificate_authority" field.</summary>
     public const int CertificateAuthorityFieldNumber = 1;
     /// <summary>
-    /// Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that was used to create a
-    /// subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field is used for information
-    /// and usability purposes only. The resource name is in the format
+    /// Required. This can refer to a
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// that was used to create a subordinate
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+    /// This field is used for information and usability purposes only. The
+    /// resource name is in the format
     /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -7206,7 +7899,8 @@ public sealed partial class SubordinateConfig : pb::IMessage<SubordinateConfig>
     public const int PemIssuerChainFieldNumber = 2;
     /// <summary>
     /// Required. Contains the PEM certificate chain for the issuers of this
-    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority],
+    /// but not pem certificate for this CA itself.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7608,7 +8302,8 @@ public sealed partial class SubordinateConfigChain : pb::IMessage<SubordinateCon
   }
 
   /// <summary>
-  /// A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
+  /// A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a
+  /// public key.
   /// </summary>
   public sealed partial class PublicKey : pb::IMessage<PublicKey>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -7879,8 +8574,9 @@ public enum KeyFormat {
   }
 
   /// <summary>
-  /// A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be
-  /// created, as an alternative to using ASN.1.
+  /// A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig]
+  /// describes an X.509 certificate or CSR that is to be created, as an
+  /// alternative to using ASN.1.
   /// </summary>
   public sealed partial class CertificateConfig : pb::IMessage<CertificateConfig>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -7932,8 +8628,8 @@ public sealed partial class CertificateConfig : pb::IMessage<CertificateConfig>
     public const int SubjectConfigFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateConfig.Types.SubjectConfig subjectConfig_;
     /// <summary>
-    /// Required. Specifies some of the values in a certificate that are related to the
-    /// subject.
+    /// Required. Specifies some of the values in a certificate that are related to
+    /// the subject.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7948,8 +8644,8 @@ public sealed partial class CertificateConfig : pb::IMessage<CertificateConfig>
     public const int X509ConfigFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.X509Parameters x509Config_;
     /// <summary>
-    /// Required. Describes how some of the technical X.509 fields in a certificate should be
-    /// populated.
+    /// Required. Describes how some of the technical X.509 fields in a certificate
+    /// should be populated.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7964,9 +8660,14 @@ public sealed partial class CertificateConfig : pb::IMessage<CertificateConfig>
     public const int PublicKeyFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.PublicKey publicKey_;
     /// <summary>
-    /// Optional. The public key that corresponds to this config. This is, for example, used
-    /// when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
-    /// self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+    /// Optional. The public key that corresponds to this config. This is, for
+    /// example, used when issuing
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate], but not
+    /// when creating a self-signed
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// or
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// CSR.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8241,8 +8942,8 @@ public sealed partial class SubjectConfig : pb::IMessage<SubjectConfig>
         public const int SubjectFieldNumber = 1;
         private global::Google.Cloud.Security.PrivateCA.V1.Subject subject_;
         /// <summary>
-        /// Required. Contains distinguished name fields such as the common name, location and
-        /// organization.
+        /// Required. Contains distinguished name fields such as the common name,
+        /// location and organization.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8449,8 +9150,10 @@ public sealed partial class SubjectConfig : pb::IMessage<SubjectConfig>
   }
 
   /// <summary>
-  /// A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has
-  /// been issued, as an alternative to using ASN.1 / X.509.
+  /// A
+  /// [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription]
+  /// describes an X.509 certificate or CSR that has been issued, as an alternative
+  /// to using ASN.1 / X.509.
   /// </summary>
   public sealed partial class CertificateDescription : pb::IMessage<CertificateDescription>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -9462,8 +10165,8 @@ public sealed partial class KeyId : pb::IMessage<KeyId>
         public const int KeyId_FieldNumber = 1;
         private string keyId_ = "";
         /// <summary>
-        /// Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
-        /// likely the 160 bit SHA-1 hash of the public key.
+        /// Optional. The value of this KeyId encoded in lowercase hexadecimal. This
+        /// is most likely the 160 bit SHA-1 hash of the public key.
         /// </summary>
         [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
         [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9808,8 +10511,9 @@ public sealed partial class CertificateFingerprint : pb::IMessage<CertificateFin
   }
 
   /// <summary>
-  /// An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context
-  /// and describe types in ASN.1 messages.
+  /// An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an
+  /// object identifier (OID). These provide context and describe types in ASN.1
+  /// messages.
   /// </summary>
   public sealed partial class ObjectId : pb::IMessage<ObjectId>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -9861,8 +10565,8 @@ public sealed partial class ObjectId : pb::IMessage<ObjectId>
         = pb::FieldCodec.ForInt32(10);
     private readonly pbc::RepeatedField<int> objectIdPath_ = new pbc::RepeatedField<int>();
     /// <summary>
-    /// Required. The parts of an OID path. The most significant parts of the path come
-    /// first.
+    /// Required. The parts of an OID path. The most significant parts of the path
+    /// come first.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9996,8 +10700,9 @@ public sealed partial class ObjectId : pb::IMessage<ObjectId>
   }
 
   /// <summary>
-  /// An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in
-  /// different parts of X.509 objects like certificates, CSRs, and CRLs.
+  /// An [X509Extension][google.cloud.security.privateca.v1.X509Extension]
+  /// specifies an X.509 extension, which may be used in different parts of X.509
+  /// objects like certificates, CSRs, and CRLs.
   /// </summary>
   public sealed partial class X509Extension : pb::IMessage<X509Extension>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -10064,9 +10769,9 @@ public sealed partial class X509Extension : pb::IMessage<X509Extension>
     public const int CriticalFieldNumber = 2;
     private bool critical_;
     /// <summary>
-    /// Optional. Indicates whether or not this extension is critical (i.e., if the client
-    /// does not know how to handle this extension, the client should consider this
-    /// to be an error).
+    /// Optional. Indicates whether or not this extension is critical (i.e., if the
+    /// client does not know how to handle this extension, the client should
+    /// consider this to be an error).
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -10283,8 +10988,8 @@ public sealed partial class X509Extension : pb::IMessage<X509Extension>
   }
 
   /// <summary>
-  /// A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509
-  /// certificate.
+  /// A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage
+  /// values that may appear in an X.509 certificate.
   /// </summary>
   public sealed partial class KeyUsage : pb::IMessage<KeyUsage>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -10369,7 +11074,8 @@ public sealed partial class KeyUsage : pb::IMessage<KeyUsage>
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.ObjectId> unknownExtendedKeyUsages_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.ObjectId>();
     /// <summary>
     /// Used to describe extended key usages that are not listed in the
-    /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+    /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+    /// message.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -10570,8 +11276,9 @@ public sealed partial class KeyUsage : pb::IMessage<KeyUsage>
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
-      /// described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
+      /// [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions]
+      /// corresponds to the key usage values described in
+      /// https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
       /// </summary>
       public sealed partial class KeyUsageOptions : pb::IMessage<KeyUsageOptions>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -11087,8 +11794,9 @@ public sealed partial class KeyUsageOptions : pb::IMessage<KeyUsageOptions>
       }
 
       /// <summary>
-      /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
-      /// certain common OIDs that could be specified as an extended key usage value.
+      /// [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions]
+      /// has fields that correspond to certain common OIDs that could be specified
+      /// as an extended key usage value.
       /// </summary>
       public sealed partial class ExtendedKeyUsageOptions : pb::IMessage<ExtendedKeyUsageOptions>
       #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -11494,8 +12202,8 @@ public sealed partial class ExtendedKeyUsageOptions : pb::IMessage<ExtendedKeyUs
   }
 
   /// <summary>
-  /// [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn,
-  /// describes the subject of the certificate.
+  /// [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a
+  /// distinguished name that, in turn, describes the subject of the certificate.
   /// </summary>
   public sealed partial class Subject : pb::IMessage<Subject>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -11970,9 +12678,10 @@ public sealed partial class Subject : pb::IMessage<Subject>
   }
 
   /// <summary>
-  /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what
-  /// the asserted identity is in a certificate (i.e., compared to the "common
-  /// name" in the distinguished name).
+  /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+  /// corresponds to a more modern way of listing what the asserted identity is in
+  /// a certificate (i.e., compared to the "common name" in the distinguished
+  /// name).
   /// </summary>
   public sealed partial class SubjectAltNames : pb::IMessage<SubjectAltNames>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -12274,7 +12983,9 @@ public sealed partial class SubjectAltNames : pb::IMessage<SubjectAltNames>
   }
 
   /// <summary>
-  /// Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and
+  /// Describes constraints on a
+  /// [Certificate][google.cloud.security.privateca.v1.Certificate]'s
+  /// [Subject][google.cloud.security.privateca.v1.Subject] and
   /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
   /// </summary>
   public sealed partial class CertificateIdentityConstraints : pb::IMessage<CertificateIdentityConstraints>
@@ -12329,9 +13040,9 @@ public sealed partial class CertificateIdentityConstraints : pb::IMessage<Certif
     public const int CelExpressionFieldNumber = 1;
     private global::Google.Type.Expr celExpression_;
     /// <summary>
-    /// Optional. A CEL expression that may be used to validate the resolved X.509 Subject
-    /// and/or Subject Alternative Name before a certificate is signed.
-    /// To see the full allowed syntax and some examples, see
+    /// Optional. A CEL expression that may be used to validate the resolved X.509
+    /// Subject and/or Subject Alternative Name before a certificate is signed. To
+    /// see the full allowed syntax and some examples, see
     /// https://cloud.google.com/certificate-authority-service/docs/using-cel
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -12347,9 +13058,11 @@ public sealed partial class CertificateIdentityConstraints : pb::IMessage<Certif
     public const int AllowSubjectPassthroughFieldNumber = 2;
     private bool allowSubjectPassthrough_;
     /// <summary>
-    /// Required. If this is true, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
-    /// request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
-    /// will be discarded.
+    /// Required. If this is true, the
+    /// [Subject][google.cloud.security.privateca.v1.Subject] field may be copied
+    /// from a certificate request into the signed certificate. Otherwise, the
+    /// requested [Subject][google.cloud.security.privateca.v1.Subject] will be
+    /// discarded.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -12377,9 +13090,12 @@ public sealed partial class CertificateIdentityConstraints : pb::IMessage<Certif
     public const int AllowSubjectAltNamesPassthroughFieldNumber = 3;
     private bool allowSubjectAltNamesPassthrough_;
     /// <summary>
-    /// Required. If this is true, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
-    /// certificate request into the signed certificate. Otherwise, the requested
-    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+    /// Required. If this is true, the
+    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+    /// extension may be copied from a certificate request into the signed
+    /// certificate. Otherwise, the requested
+    /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will
+    /// be discarded.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -12649,7 +13365,8 @@ public sealed partial class CertificateExtensionConstraints : pb::IMessage<Certi
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateExtensionConstraints.Types.KnownCertificateExtension> knownExtensions_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateExtensionConstraints.Types.KnownCertificateExtension>();
     /// <summary>
     /// Optional. A set of named X.509 extensions. Will be combined with
-    /// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+    /// [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions]
+    /// to determine the full set of X.509 extensions.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -12663,9 +13380,10 @@ public sealed partial class CertificateExtensionConstraints : pb::IMessage<Certi
         = pb::FieldCodec.ForMessage(18, global::Google.Cloud.Security.PrivateCA.V1.ObjectId.Parser);
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.ObjectId> additionalExtensions_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.ObjectId>();
     /// <summary>
-    /// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
-    /// Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
-    /// X.509 extensions.
+    /// Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId]
+    /// identifying custom X.509 extensions. Will be combined with
+    /// [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions]
+    /// to determine the full set of X.509 extensions.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -12816,8 +13534,11 @@ public sealed partial class CertificateExtensionConstraints : pb::IMessage<Certi
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
     public static partial class Types {
       /// <summary>
-      /// Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate],
-      /// not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.
+      /// Describes well-known X.509 extensions that can appear in a
+      /// [Certificate][google.cloud.security.privateca.v1.Certificate], not
+      /// including the
+      /// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames]
+      /// extension.
       /// </summary>
       public enum KnownCertificateExtension {
         /// <summary>
@@ -12827,28 +13548,36 @@ public enum KnownCertificateExtension {
         /// <summary>
         /// Refers to a certificate's Key Usage extension, as described in [RFC 5280
         /// section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
-        /// This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
+        /// This corresponds to the
+        /// [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage]
+        /// field.
         /// </summary>
         [pbr::OriginalName("BASE_KEY_USAGE")] BaseKeyUsage = 1,
         /// <summary>
         /// Refers to a certificate's Extended Key Usage extension, as described in
         /// [RFC 5280
         /// section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
-        /// This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
+        /// This corresponds to the
+        /// [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage]
+        /// message.
         /// </summary>
         [pbr::OriginalName("EXTENDED_KEY_USAGE")] ExtendedKeyUsage = 2,
         /// <summary>
         /// Refers to a certificate's Basic Constraints extension, as described in
         /// [RFC 5280
         /// section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
-        /// This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
+        /// This corresponds to the
+        /// [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options]
+        /// field.
         /// </summary>
         [pbr::OriginalName("CA_OPTIONS")] CaOptions = 3,
         /// <summary>
         /// Refers to a certificate's Policy object identifiers, as described in
         /// [RFC 5280
         /// section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
-        /// This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
+        /// This corresponds to the
+        /// [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids]
+        /// field.
         /// </summary>
         [pbr::OriginalName("POLICY_IDS")] PolicyIds = 4,
         /// <summary>
@@ -12856,9 +13585,17 @@ public enum KnownCertificateExtension {
         /// extension, as described in
         /// [RFC 5280
         /// section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
-        /// This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
+        /// This corresponds to the
+        /// [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers]
+        /// field.
         /// </summary>
         [pbr::OriginalName("AIA_OCSP_SERVERS")] AiaOcspServers = 5,
+        /// <summary>
+        /// Refers to Name Constraints extension as described in
+        /// [RFC 5280
+        /// section 4.2.1.10](https://tools.ietf.org/html/rfc5280#section-4.2.1.10)
+        /// </summary>
+        [pbr::OriginalName("NAME_CONSTRAINTS")] NameConstraints = 6,
       }
 
     }
diff --git a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Service.g.cs b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Service.g.cs
index 81df09ac32a0..ed194ffb592f 100644
--- a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Service.g.cs
+++ b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/Service.g.cs
@@ -393,7 +393,8 @@ public static partial class ServiceReflection {
   }
   #region Messages
   /// <summary>
-  /// Request message for [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+  /// Request message for
+  /// [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
   /// </summary>
   public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertificateRequest>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -448,8 +449,10 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     public const int ParentFieldNumber = 1;
     private string parent_ = "";
     /// <summary>
-    /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the [Certificate][google.cloud.security.privateca.v1.Certificate],
-    /// in the format `projects/*/locations/*/caPools/*`.
+    /// Required. The resource name of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+    /// format `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -466,8 +469,9 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     /// <summary>
     /// Optional. It must be unique within a location and match the regular
     /// expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
-    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the Enterprise [CertificateAuthority.Tier][],
-    /// but is optional and its value is ignored otherwise.
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the Enterprise [CertificateAuthority.Tier][], but is optional and its
+    /// value is ignored otherwise.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -482,7 +486,8 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     public const int CertificateFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.Certificate certificate_;
     /// <summary>
-    /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate] with initial field values.
+    /// Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+    /// with initial field values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -497,10 +502,10 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     public const int RequestIdFieldNumber = 4;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
     /// For example, consider a situation where you make an initial request and the
     /// request times out. If you make the request again with the same request ID,
@@ -524,9 +529,15 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     public const int ValidateOnlyFieldNumber = 5;
     private bool validateOnly_;
     /// <summary>
-    /// Optional. If this is true, no [Certificate][google.cloud.security.privateca.v1.Certificate] resource will be persisted regardless
-    /// of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned [Certificate][google.cloud.security.privateca.v1.Certificate]
-    /// will not contain the [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate] field.
+    /// Optional. If this is true, no
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+    /// be persisted regardless of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+    /// [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+    /// contain the
+    /// [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+    /// field.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -541,17 +552,24 @@ public sealed partial class CreateCertificateRequest : pb::IMessage<CreateCertif
     public const int IssuingCertificateAuthorityIdFieldNumber = 6;
     private string issuingCertificateAuthorityId_ = "";
     /// <summary>
-    /// Optional. The resource ID of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that should issue the
-    /// certificate.  This optional field will ignore the load-balancing scheme of
-    /// the Pool and directly issue the certificate from the CA with the specified
-    /// ID, contained in the same [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`. Per-CA quota
-    /// rules apply. If left empty, a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be chosen from
-    /// the [CaPool][google.cloud.security.privateca.v1.CaPool] by the service. For example, to issue a [Certificate][google.cloud.security.privateca.v1.Certificate] from
-    /// a Certificate Authority with resource name
+    /// Optional. The resource ID of the
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// that should issue the certificate.  This optional field will ignore the
+    /// load-balancing scheme of the Pool and directly issue the certificate from
+    /// the CA with the specified ID, contained in the same
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+    /// Per-CA quota rules apply. If left empty, a
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+    /// by the service. For example, to issue a
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+    /// Certificate Authority with resource name
     /// "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
-    /// you can set the [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent] to
-    /// "projects/my-project/locations/us-central1/caPools/my-pool" and the
-    /// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id] to "my-ca".
+    /// you can set the
+    /// [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+    /// to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+    /// [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+    /// to "my-ca".
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -876,7 +894,9 @@ public sealed partial class GetCertificateRequest : pb::IMessage<GetCertificateR
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+    /// Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+    /// of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+    /// get.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1021,7 +1041,8 @@ public sealed partial class GetCertificateRequest : pb::IMessage<GetCertificateR
   }
 
   /// <summary>
-  /// Request message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+  /// Request message for
+  /// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
   /// </summary>
   public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertificatesRequest>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -1076,8 +1097,8 @@ public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertifica
     private string parent_ = "";
     /// <summary>
     /// Required. The resource name of the location associated with the
-    /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
-    /// `projects/*/locations/*/caPools/*`.
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+    /// format `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1093,11 +1114,13 @@ public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertifica
     private int pageSize_;
     /// <summary>
     /// Optional. Limit on the number of
-    /// [Certificates][google.cloud.security.privateca.v1.Certificate] to include in the
-    /// response. Further [Certificates][google.cloud.security.privateca.v1.Certificate] can subsequently be obtained
-    /// by including the
-    /// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token] in a subsequent
-    /// request. If unspecified, the server will pick an appropriate default.
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+    /// in the response. Further
+    /// [Certificates][google.cloud.security.privateca.v1.Certificate] can
+    /// subsequently be obtained by including the
+    /// [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+    /// in a subsequent request. If unspecified, the server will pick an
+    /// appropriate default.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1128,8 +1151,8 @@ public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertifica
     public const int FilterFieldNumber = 4;
     private string filter_ = "";
     /// <summary>
-    /// Optional. Only include resources that match the filter in the response. For details
-    /// on supported filters and syntax, see [Certificates Filtering
+    /// Optional. Only include resources that match the filter in the response. For
+    /// details on supported filters and syntax, see [Certificates Filtering
     /// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -1145,8 +1168,8 @@ public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertifica
     public const int OrderByFieldNumber = 5;
     private string orderBy_ = "";
     /// <summary>
-    /// Optional. Specify how the results should be sorted. For details on supported fields
-    /// and syntax, see [Certificates Sorting
+    /// Optional. Specify how the results should be sorted. For details on
+    /// supported fields and syntax, see [Certificates Sorting
     /// documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -1388,7 +1411,8 @@ public sealed partial class ListCertificatesRequest : pb::IMessage<ListCertifica
   }
 
   /// <summary>
-  /// Response message for [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+  /// Response message for
+  /// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
   /// </summary>
   public sealed partial class ListCertificatesResponse : pb::IMessage<ListCertificatesResponse>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -1696,8 +1720,8 @@ public sealed partial class RevokeCertificateRequest : pb::IMessage<RevokeCertif
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the
-    /// format
+    /// Required. The resource name for this
+    /// [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
     /// `projects/*/locations/*/caPools/*/certificates/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -1713,7 +1737,9 @@ public sealed partial class RevokeCertificateRequest : pb::IMessage<RevokeCertif
     public const int ReasonFieldNumber = 2;
     private global::Google.Cloud.Security.PrivateCA.V1.RevocationReason reason_ = global::Google.Cloud.Security.PrivateCA.V1.RevocationReason.Unspecified;
     /// <summary>
-    /// Required. The [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for revoking this certificate.
+    /// Required. The
+    /// [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+    /// revoking this certificate.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -1728,13 +1754,13 @@ public sealed partial class RevokeCertificateRequest : pb::IMessage<RevokeCertif
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -1933,7 +1959,8 @@ public sealed partial class RevokeCertificateRequest : pb::IMessage<RevokeCertif
   }
 
   /// <summary>
-  /// Request message for [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+  /// Request message for
+  /// [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
   /// </summary>
   public sealed partial class UpdateCertificateRequest : pb::IMessage<UpdateCertificateRequest>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -1985,7 +2012,8 @@ public sealed partial class UpdateCertificateRequest : pb::IMessage<UpdateCertif
     public const int CertificateFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.Certificate certificate_;
     /// <summary>
-    /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with updated values.
+    /// Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+    /// with updated values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2015,13 +2043,13 @@ public sealed partial class UpdateCertificateRequest : pb::IMessage<UpdateCertif
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -2292,8 +2320,9 @@ public sealed partial class ActivateCertificateAuthorityRequest : pb::IMessage<A
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2324,8 +2353,8 @@ public sealed partial class ActivateCertificateAuthorityRequest : pb::IMessage<A
     public const int SubordinateConfigFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.SubordinateConfig subordinateConfig_;
     /// <summary>
-    /// Required. Must include information about the issuer of 'pem_ca_certificate', and any
-    /// further issuers until the self-signed CA.
+    /// Required. Must include information about the issuer of
+    /// 'pem_ca_certificate', and any further issuers until the self-signed CA.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2340,13 +2369,13 @@ public sealed partial class ActivateCertificateAuthorityRequest : pb::IMessage<A
     public const int RequestIdFieldNumber = 4;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -2632,9 +2661,10 @@ public sealed partial class CreateCertificateAuthorityRequest : pb::IMessage<Cre
     public const int ParentFieldNumber = 1;
     private string parent_ = "";
     /// <summary>
-    /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-    /// `projects/*/locations/*/caPools/*`.
+    /// Required. The resource name of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+    /// in the format `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2665,7 +2695,9 @@ public sealed partial class CreateCertificateAuthorityRequest : pb::IMessage<Cre
     public const int CertificateAuthorityFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority certificateAuthority_;
     /// <summary>
-    /// Required. A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with initial field values.
+    /// Required. A
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// with initial field values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2680,13 +2712,13 @@ public sealed partial class CreateCertificateAuthorityRequest : pb::IMessage<Cre
     public const int RequestIdFieldNumber = 4;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -2970,8 +3002,9 @@ public sealed partial class DisableCertificateAuthorityRequest : pb::IMessage<Di
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -2986,13 +3019,13 @@ public sealed partial class DisableCertificateAuthorityRequest : pb::IMessage<Di
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -3219,8 +3252,9 @@ public sealed partial class EnableCertificateAuthorityRequest : pb::IMessage<Ena
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3235,13 +3269,13 @@ public sealed partial class EnableCertificateAuthorityRequest : pb::IMessage<Ena
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -3467,8 +3501,9 @@ public sealed partial class FetchCertificateAuthorityCsrRequest : pb::IMessage<F
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -3809,7 +3844,8 @@ public sealed partial class FetchCertificateAuthorityCsrResponse : pb::IMessage<
   }
 
   /// <summary>
-  /// Request message for [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+  /// Request message for
+  /// [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
   /// </summary>
   public sealed partial class GetCertificateAuthorityRequest : pb::IMessage<GetCertificateAuthorityRequest>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -3859,8 +3895,10 @@ public sealed partial class GetCertificateAuthorityRequest : pb::IMessage<GetCer
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
-    /// get.
+    /// Required. The
+    /// [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// to get.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4060,9 +4098,10 @@ public sealed partial class ListCertificateAuthoritiesRequest : pb::IMessage<Lis
     public const int ParentFieldNumber = 1;
     private string parent_ = "";
     /// <summary>
-    /// Required. The resource name of the [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
-    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the format
-    /// `projects/*/locations/*/caPools/*`.
+    /// Required. The resource name of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+    /// in the format `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4077,12 +4116,14 @@ public sealed partial class ListCertificateAuthoritiesRequest : pb::IMessage<Lis
     public const int PageSizeFieldNumber = 2;
     private int pageSize_;
     /// <summary>
-    /// Optional. Limit on the number of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] to
-    /// include in the response.
-    /// Further [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] can subsequently be
-    /// obtained by including the
-    /// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token] in a subsequent
-    /// request. If unspecified, the server will pick an appropriate default.
+    /// Optional. Limit on the number of
+    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// to include in the response. Further
+    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// can subsequently be obtained by including the
+    /// [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+    /// in a subsequent request. If unspecified, the server will pick an
+    /// appropriate default.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4424,7 +4465,8 @@ public sealed partial class ListCertificateAuthoritiesResponse : pb::IMessage<Li
         = pb::FieldCodec.ForMessage(10, global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority.Parser);
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority> certificateAuthorities_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority>();
     /// <summary>
-    /// The list of [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+    /// The list of
+    /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4677,8 +4719,9 @@ public sealed partial class UndeleteCertificateAuthorityRequest : pb::IMessage<U
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4693,13 +4736,13 @@ public sealed partial class UndeleteCertificateAuthorityRequest : pb::IMessage<U
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -4928,8 +4971,9 @@ public sealed partial class DeleteCertificateAuthorityRequest : pb::IMessage<Del
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
-    /// format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// Required. The resource name for this
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -4944,13 +4988,13 @@ public sealed partial class DeleteCertificateAuthorityRequest : pb::IMessage<Del
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -4987,9 +5031,9 @@ public sealed partial class DeleteCertificateAuthorityRequest : pb::IMessage<Del
     public const int SkipGracePeriodFieldNumber = 5;
     private bool skipGracePeriod_;
     /// <summary>
-    /// Optional. If this flag is set, the Certificate Authority will be deleted as soon as
-    /// possible without a 30-day grace period where undeletion would have been
-    /// allowed. If you proceed, there will be no way to recover this CA.
+    /// Optional. If this flag is set, the Certificate Authority will be deleted as
+    /// soon as possible without a 30-day grace period where undeletion would have
+    /// been allowed. If you proceed, there will be no way to recover this CA.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5259,7 +5303,9 @@ public sealed partial class UpdateCertificateAuthorityRequest : pb::IMessage<Upd
     public const int CertificateAuthorityFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateAuthority certificateAuthority_;
     /// <summary>
-    /// Required. [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with updated values.
+    /// Required.
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// with updated values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5289,13 +5335,13 @@ public sealed partial class UpdateCertificateAuthorityRequest : pb::IMessage<Upd
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -5567,7 +5613,8 @@ public sealed partial class CreateCaPoolRequest : pb::IMessage<CreateCaPoolReque
     private string parent_ = "";
     /// <summary>
     /// Required. The resource name of the location associated with the
-    /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format `projects/*/locations/*`.
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+    /// `projects/*/locations/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5598,7 +5645,8 @@ public sealed partial class CreateCaPoolRequest : pb::IMessage<CreateCaPoolReque
     public const int CaPoolFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool caPool_;
     /// <summary>
-    /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial field values.
+    /// Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+    /// initial field values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5613,13 +5661,13 @@ public sealed partial class CreateCaPoolRequest : pb::IMessage<CreateCaPoolReque
     public const int RequestIdFieldNumber = 4;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -5904,7 +5952,8 @@ public sealed partial class UpdateCaPoolRequest : pb::IMessage<UpdateCaPoolReque
     public const int CaPoolFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.CaPool caPool_;
     /// <summary>
-    /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated values.
+    /// Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+    /// values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -5934,13 +5983,13 @@ public sealed partial class UpdateCaPoolRequest : pb::IMessage<UpdateCaPoolReque
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -6209,8 +6258,9 @@ public sealed partial class DeleteCaPoolRequest : pb::IMessage<DeleteCaPoolReque
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-    /// format `projects/*/locations/*/caPools/*`.
+    /// Required. The resource name for this
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+    /// `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6225,13 +6275,13 @@ public sealed partial class DeleteCaPoolRequest : pb::IMessage<DeleteCaPoolReque
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -6458,8 +6508,9 @@ public sealed partial class FetchCaCertsRequest : pb::IMessage<FetchCaCertsReque
     public const int CaPoolFieldNumber = 1;
     private string caPool_ = "";
     /// <summary>
-    /// Required. The resource name for the [CaPool][google.cloud.security.privateca.v1.CaPool] in the
-    /// format `projects/*/locations/*/caPools/*`.
+    /// Required. The resource name for the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+    /// `projects/*/locations/*/caPools/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -6474,13 +6525,13 @@ public sealed partial class FetchCaCertsRequest : pb::IMessage<FetchCaCertsReque
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -6709,7 +6760,8 @@ public sealed partial class FetchCaCertsResponse : pb::IMessage<FetchCaCertsResp
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.FetchCaCertsResponse.Types.CertChain> caCerts_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.FetchCaCertsResponse.Types.CertChain>();
     /// <summary>
     /// The PEM encoded CA certificate chains of all
-    /// [ACTIVE][CertificateAuthority.State.ACTIVE] [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    /// [ACTIVE][CertificateAuthority.State.ACTIVE]
+    /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
     /// resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
@@ -7031,7 +7083,8 @@ public sealed partial class CertChain : pb::IMessage<CertChain>
   }
 
   /// <summary>
-  /// Request message for [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+  /// Request message for
+  /// [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
   /// </summary>
   public sealed partial class GetCaPoolRequest : pb::IMessage<GetCaPoolRequest>
   #if !GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE
@@ -7081,7 +7134,8 @@ public sealed partial class GetCaPoolRequest : pb::IMessage<GetCaPoolRequest>
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+    /// Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+    /// [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7298,12 +7352,13 @@ public sealed partial class ListCaPoolsRequest : pb::IMessage<ListCaPoolsRequest
     public const int PageSizeFieldNumber = 2;
     private int pageSize_;
     /// <summary>
-    /// Optional. Limit on the number of [CaPools][google.cloud.security.privateca.v1.CaPool] to
-    /// include in the response.
-    /// Further [CaPools][google.cloud.security.privateca.v1.CaPool] can subsequently be
-    /// obtained by including the
-    /// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token] in a subsequent
-    /// request. If unspecified, the server will pick an appropriate default.
+    /// Optional. Limit on the number of
+    /// [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+    /// response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+    /// subsequently be obtained by including the
+    /// [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+    /// in a subsequent request. If unspecified, the server will pick an
+    /// appropriate default.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -7897,8 +7952,11 @@ public sealed partial class GetCertificateRevocationListRequest : pb::IMessage<G
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
-    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] to get.
+    /// Required. The
+    /// [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+    /// of the
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// to get.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8099,8 +8157,8 @@ public sealed partial class ListCertificateRevocationListsRequest : pb::IMessage
     private string parent_ = "";
     /// <summary>
     /// Required. The resource name of the location associated with the
-    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList], in the format
-    /// `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+    /// in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8116,11 +8174,13 @@ public sealed partial class ListCertificateRevocationListsRequest : pb::IMessage
     private int pageSize_;
     /// <summary>
     /// Optional. Limit on the number of
-    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList] to include in the
-    /// response. Further [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// to include in the response. Further
+    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
     /// can subsequently be obtained by including the
-    /// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token] in a subsequent
-    /// request. If unspecified, the server will pick an appropriate default.
+    /// [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+    /// in a subsequent request. If unspecified, the server will pick an
+    /// appropriate default.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8462,7 +8522,8 @@ public sealed partial class ListCertificateRevocationListsResponse : pb::IMessag
         = pb::FieldCodec.ForMessage(10, global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList.Parser);
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList> certificateRevocationLists_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList>();
     /// <summary>
-    /// The list of [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+    /// The list of
+    /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8716,7 +8777,9 @@ public sealed partial class UpdateCertificateRevocationListRequest : pb::IMessag
     public const int CertificateRevocationListFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateRevocationList certificateRevocationList_;
     /// <summary>
-    /// Required. [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] with updated values.
+    /// Required.
+    /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+    /// with updated values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -8746,13 +8809,13 @@ public sealed partial class UpdateCertificateRevocationListRequest : pb::IMessag
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -9024,8 +9087,8 @@ public sealed partial class CreateCertificateTemplateRequest : pb::IMessage<Crea
     private string parent_ = "";
     /// <summary>
     /// Required. The resource name of the location associated with the
-    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-    /// `projects/*/locations/*`.
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+    /// in the format `projects/*/locations/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9056,7 +9119,9 @@ public sealed partial class CreateCertificateTemplateRequest : pb::IMessage<Crea
     public const int CertificateTemplateFieldNumber = 3;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate certificateTemplate_;
     /// <summary>
-    /// Required. A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial field values.
+    /// Required. A
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// with initial field values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9071,13 +9136,13 @@ public sealed partial class CreateCertificateTemplateRequest : pb::IMessage<Crea
     public const int RequestIdFieldNumber = 4;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -9361,8 +9426,9 @@ public sealed partial class DeleteCertificateTemplateRequest : pb::IMessage<Dele
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
-    /// `projects/*/locations/*/certificateTemplates/*`.
+    /// Required. The resource name for this
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// in the format `projects/*/locations/*/certificateTemplates/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9377,13 +9443,13 @@ public sealed partial class DeleteCertificateTemplateRequest : pb::IMessage<Dele
     public const int RequestIdFieldNumber = 2;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -9609,8 +9675,10 @@ public sealed partial class GetCertificateTemplateRequest : pb::IMessage<GetCert
     public const int NameFieldNumber = 1;
     private string name_ = "";
     /// <summary>
-    /// Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
-    /// get.
+    /// Required. The
+    /// [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// to get.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9811,8 +9879,8 @@ public sealed partial class ListCertificateTemplatesRequest : pb::IMessage<ListC
     private string parent_ = "";
     /// <summary>
     /// Required. The resource name of the location associated with the
-    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the format
-    /// `projects/*/locations/*`.
+    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+    /// in the format `projects/*/locations/*`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -9828,11 +9896,13 @@ public sealed partial class ListCertificateTemplatesRequest : pb::IMessage<ListC
     private int pageSize_;
     /// <summary>
     /// Optional. Limit on the number of
-    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] to include in the response.
-    /// Further [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate] can subsequently be
-    /// obtained by including the
-    /// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token] in a subsequent
-    /// request. If unspecified, the server will pick an appropriate default.
+    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// to include in the response. Further
+    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// can subsequently be obtained by including the
+    /// [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+    /// in a subsequent request. If unspecified, the server will pick an
+    /// appropriate default.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -10174,7 +10244,8 @@ public sealed partial class ListCertificateTemplatesResponse : pb::IMessage<List
         = pb::FieldCodec.ForMessage(10, global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate.Parser);
     private readonly pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate> certificateTemplates_ = new pbc::RepeatedField<global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate>();
     /// <summary>
-    /// The list of [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+    /// The list of
+    /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -10428,7 +10499,9 @@ public sealed partial class UpdateCertificateTemplateRequest : pb::IMessage<Upda
     public const int CertificateTemplateFieldNumber = 1;
     private global::Google.Cloud.Security.PrivateCA.V1.CertificateTemplate certificateTemplate_;
     /// <summary>
-    /// Required. [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated values.
+    /// Required.
+    /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    /// with updated values.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
@@ -10458,13 +10531,13 @@ public sealed partial class UpdateCertificateTemplateRequest : pb::IMessage<Upda
     public const int RequestIdFieldNumber = 3;
     private string requestId_ = "";
     /// <summary>
-    /// Optional. An ID to identify requests. Specify a unique request ID so that if you must
-    /// retry your request, the server will know to ignore the request if it has
-    /// already been completed. The server will guarantee that for at least 60
-    /// minutes since the first request.
+    /// Optional. An ID to identify requests. Specify a unique request ID so that
+    /// if you must retry your request, the server will know to ignore the request
+    /// if it has already been completed. The server will guarantee that for at
+    /// least 60 minutes since the first request.
     ///
-    /// For example, consider a situation where you make an initial request and t
-    /// he request times out. If you make the request again with the same request
+    /// For example, consider a situation where you make an initial request and
+    /// the request times out. If you make the request again with the same request
     /// ID, the server can check if original operation with the same request ID
     /// was received, and if so, will ignore the second request. This prevents
     /// clients from accidentally creating duplicate commitments.
@@ -10814,8 +10887,9 @@ public sealed partial class OperationMetadata : pb::IMessage<OperationMetadata>
     /// <summary>
     /// Output only. Identifies whether the user has requested cancellation
     /// of the operation. Operations that have successfully been cancelled
-    /// have [Operation.error][] value with a [google.rpc.Status.code][google.rpc.Status.code] of 1,
-    /// corresponding to `Code.CANCELLED`.
+    /// have [Operation.error][] value with a
+    /// [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+    /// `Code.CANCELLED`.
     /// </summary>
     [global::System.Diagnostics.DebuggerNonUserCodeAttribute]
     [global::System.CodeDom.Compiler.GeneratedCode("protoc", null)]
diff --git a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/ServiceGrpc.g.cs b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/ServiceGrpc.g.cs
index 9f3661e1dfd7..4e4cc0f81674 100644
--- a/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/ServiceGrpc.g.cs
+++ b/apis/Google.Cloud.Security.PrivateCA.V1/Google.Cloud.Security.PrivateCA.V1/ServiceGrpc.g.cs
@@ -24,8 +24,9 @@
 
 namespace Google.Cloud.Security.PrivateCA.V1 {
   /// <summary>
-  /// [Certificate Authority Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
-  /// certificate authorities and issued certificates.
+  /// [Certificate Authority
+  /// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+  /// manages private certificate authorities and issued certificates.
   /// </summary>
   public static partial class CertificateAuthorityService
   {
@@ -392,7 +393,8 @@ static class __Helper_MessageCache<T>
     public abstract partial class CertificateAuthorityServiceBase
     {
       /// <summary>
-      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+      /// in a given Project, Location from a particular
       /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
@@ -441,7 +443,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Currently, the only field you can update is the
       /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
       /// </summary>
       /// <param name="request">The request received from the client.</param>
@@ -454,12 +457,16 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+      /// Activate a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-      /// the parent Certificate Authority signs a certificate signing request from
-      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-      /// process.
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// After the parent Certificate Authority signs a certificate signing request
+      /// from
+      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+      /// this method can complete the activation process.
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -471,7 +478,9 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+      /// Create a new
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -483,7 +492,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Disable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -495,7 +505,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Enable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -507,13 +518,17 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// Fetch a certificate signing request (CSR) from a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-      /// CSR must then be signed by the desired parent Certificate Authority, which
-      /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-      /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// The CSR must then be signed by the desired parent Certificate Authority,
+      /// which could be another
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// resource, or could be an on-prem certificate authority. See also
+      /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -525,7 +540,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Returns a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -537,7 +553,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Lists
+      /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -549,7 +566,9 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+      /// Undelete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that has been deleted.
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -561,7 +580,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Delete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -573,7 +593,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Update a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -645,8 +666,10 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-      /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// FetchCaCerts returns the current trust anchor for the
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+      /// certificate chains for all ACTIVE
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
@@ -659,7 +682,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Returns a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -671,7 +695,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Lists
+      /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -683,7 +708,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Update a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -695,7 +721,9 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+      /// Create a new
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -707,7 +735,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// DeleteCertificateTemplate deletes a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -719,7 +748,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Returns a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -731,7 +761,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Lists
+      /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -743,7 +774,8 @@ public abstract partial class CertificateAuthorityServiceBase
       }
 
       /// <summary>
-      /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Update a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request received from the client.</param>
       /// <param name="context">The context of the server-side call handler being invoked.</param>
@@ -784,7 +816,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
       }
 
       /// <summary>
-      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+      /// in a given Project, Location from a particular
       /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -798,7 +831,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+      /// in a given Project, Location from a particular
       /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -810,7 +844,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_CreateCertificate, null, options, request);
       }
       /// <summary>
-      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+      /// in a given Project, Location from a particular
       /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -824,7 +859,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project, Location from a particular
+      /// Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+      /// in a given Project, Location from a particular
       /// [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -980,7 +1016,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_RevokeCertificate, null, options, request);
       }
       /// <summary>
-      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Currently, the only field you can update is the
       /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -994,7 +1031,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Currently, the only field you can update is the
       /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1006,7 +1044,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_UpdateCertificate, null, options, request);
       }
       /// <summary>
-      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Currently, the only field you can update is the
       /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1020,7 +1059,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only field you can update is the
+      /// Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+      /// Currently, the only field you can update is the
       /// [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1032,12 +1072,16 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_UpdateCertificate, null, options, request);
       }
       /// <summary>
-      /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+      /// Activate a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-      /// the parent Certificate Authority signs a certificate signing request from
-      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-      /// process.
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// After the parent Certificate Authority signs a certificate signing request
+      /// from
+      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+      /// this method can complete the activation process.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1050,12 +1094,16 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ActivateCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+      /// Activate a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-      /// the parent Certificate Authority signs a certificate signing request from
-      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-      /// process.
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// After the parent Certificate Authority signs a certificate signing request
+      /// from
+      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+      /// this method can complete the activation process.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1066,12 +1114,16 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_ActivateCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+      /// Activate a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-      /// the parent Certificate Authority signs a certificate signing request from
-      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-      /// process.
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// After the parent Certificate Authority signs a certificate signing request
+      /// from
+      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+      /// this method can complete the activation process.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1084,12 +1136,16 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ActivateCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in state
+      /// Activate a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
-      /// the parent Certificate Authority signs a certificate signing request from
-      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr], this method can complete the activation
-      /// process.
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// After the parent Certificate Authority signs a certificate signing request
+      /// from
+      /// [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+      /// this method can complete the activation process.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1100,7 +1156,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_ActivateCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+      /// Create a new
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1113,7 +1171,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+      /// Create a new
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1124,7 +1184,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_CreateCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+      /// Create a new
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1137,7 +1199,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in a given Project and Location.
+      /// Create a new
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1148,7 +1212,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_CreateCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Disable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1161,7 +1226,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DisableCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Disable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1172,7 +1238,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_DisableCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Disable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1185,7 +1252,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DisableCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Disable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1196,7 +1264,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_DisableCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Enable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1209,7 +1278,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return EnableCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Enable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1220,7 +1290,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_EnableCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Enable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1233,7 +1304,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return EnableCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Enable a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1244,13 +1316,17 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_EnableCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// Fetch a certificate signing request (CSR) from a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-      /// CSR must then be signed by the desired parent Certificate Authority, which
-      /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-      /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// The CSR must then be signed by the desired parent Certificate Authority,
+      /// which could be another
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// resource, or could be an on-prem certificate authority. See also
+      /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1263,13 +1339,17 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return FetchCertificateAuthorityCsr(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// Fetch a certificate signing request (CSR) from a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-      /// CSR must then be signed by the desired parent Certificate Authority, which
-      /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-      /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// The CSR must then be signed by the desired parent Certificate Authority,
+      /// which could be another
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// resource, or could be an on-prem certificate authority. See also
+      /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1280,13 +1360,17 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_FetchCertificateAuthorityCsr, null, options, request);
       }
       /// <summary>
-      /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// Fetch a certificate signing request (CSR) from a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-      /// CSR must then be signed by the desired parent Certificate Authority, which
-      /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-      /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// The CSR must then be signed by the desired parent Certificate Authority,
+      /// which could be another
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// resource, or could be an on-prem certificate authority. See also
+      /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1299,13 +1383,17 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return FetchCertificateAuthorityCsrAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Fetch a certificate signing request (CSR) from a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// Fetch a certificate signing request (CSR) from a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// that is in state
       /// [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
-      /// and is of type [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
-      /// CSR must then be signed by the desired parent Certificate Authority, which
-      /// could be another [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or could be an on-prem
-      /// certificate authority. See also [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+      /// and is of type
+      /// [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+      /// The CSR must then be signed by the desired parent Certificate Authority,
+      /// which could be another
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// resource, or could be an on-prem certificate authority. See also
+      /// [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1316,7 +1404,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_FetchCertificateAuthorityCsr, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Returns a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1329,7 +1418,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Returns a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1340,7 +1430,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_GetCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Returns a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1353,7 +1444,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Returns a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1364,7 +1456,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_GetCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Lists
+      /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1377,7 +1470,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateAuthorities(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Lists
+      /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1388,7 +1482,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_ListCertificateAuthorities, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Lists
+      /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1401,7 +1496,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateAuthoritiesAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Lists
+      /// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1412,7 +1508,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_ListCertificateAuthorities, null, options, request);
       }
       /// <summary>
-      /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+      /// Undelete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that has been deleted.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1425,7 +1523,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UndeleteCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+      /// Undelete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that has been deleted.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1436,7 +1536,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_UndeleteCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+      /// Undelete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that has been deleted.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1449,7 +1551,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UndeleteCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that has been deleted.
+      /// Undelete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// that has been deleted.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1460,7 +1564,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_UndeleteCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Delete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1473,7 +1578,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DeleteCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Delete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1484,7 +1590,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_DeleteCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Delete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1497,7 +1604,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DeleteCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Delete a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1508,7 +1616,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_DeleteCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Update a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1521,7 +1630,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateAuthority(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Update a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1532,7 +1642,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_UpdateCertificateAuthority, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Update a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1545,7 +1656,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateAuthorityAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+      /// Update a
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1796,8 +1908,10 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_DeleteCaPool, null, options, request);
       }
       /// <summary>
-      /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-      /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// FetchCaCerts returns the current trust anchor for the
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+      /// certificate chains for all ACTIVE
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1811,8 +1925,10 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return FetchCaCerts(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-      /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// FetchCaCerts returns the current trust anchor for the
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+      /// certificate chains for all ACTIVE
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1824,8 +1940,10 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_FetchCaCerts, null, options, request);
       }
       /// <summary>
-      /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-      /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// FetchCaCerts returns the current trust anchor for the
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+      /// certificate chains for all ACTIVE
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1839,8 +1957,10 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return FetchCaCertsAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// FetchCaCerts returns the current trust anchor for the [CaPool][google.cloud.security.privateca.v1.CaPool]. This will
-      /// include CA certificate chains for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+      /// FetchCaCerts returns the current trust anchor for the
+      /// [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+      /// certificate chains for all ACTIVE
+      /// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
       /// resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
@@ -1852,7 +1972,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_FetchCaCerts, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Returns a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1865,7 +1986,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateRevocationList(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Returns a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1876,7 +1998,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_GetCertificateRevocationList, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Returns a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1889,7 +2012,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateRevocationListAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Returns a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1900,7 +2024,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_GetCertificateRevocationList, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Lists
+      /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1913,7 +2038,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateRevocationLists(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Lists
+      /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1924,7 +2050,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_ListCertificateRevocationLists, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Lists
+      /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1937,7 +2064,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateRevocationListsAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Lists
+      /// [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1948,7 +2076,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_ListCertificateRevocationLists, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Update a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1961,7 +2090,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateRevocationList(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Update a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1972,7 +2102,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_UpdateCertificateRevocationList, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Update a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -1985,7 +2116,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateRevocationListAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+      /// Update a
+      /// [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -1996,7 +2128,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_UpdateCertificateRevocationList, null, options, request);
       }
       /// <summary>
-      /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+      /// Create a new
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2009,7 +2143,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificateTemplate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+      /// Create a new
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2020,7 +2156,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_CreateCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+      /// Create a new
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2033,7 +2171,9 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CreateCertificateTemplateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a given Project and Location.
+      /// Create a new
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+      /// in a given Project and Location.
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2044,7 +2184,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_CreateCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// DeleteCertificateTemplate deletes a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2057,7 +2198,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DeleteCertificateTemplate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// DeleteCertificateTemplate deletes a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2068,7 +2210,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_DeleteCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// DeleteCertificateTemplate deletes a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2081,7 +2224,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return DeleteCertificateTemplateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// DeleteCertificateTemplate deletes a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// DeleteCertificateTemplate deletes a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2092,7 +2236,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_DeleteCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Returns a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2105,7 +2250,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateTemplate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Returns a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2116,7 +2262,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_GetCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Returns a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2129,7 +2276,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return GetCertificateTemplateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Returns a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2140,7 +2288,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_GetCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Lists
+      /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2153,7 +2302,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateTemplates(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Lists
+      /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2164,7 +2314,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_ListCertificateTemplates, null, options, request);
       }
       /// <summary>
-      /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Lists
+      /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2177,7 +2328,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return ListCertificateTemplatesAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Lists
+      /// [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2188,7 +2340,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.AsyncUnaryCall(__Method_ListCertificateTemplates, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Update a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2201,7 +2354,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateTemplate(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Update a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>
@@ -2212,7 +2366,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return CallInvoker.BlockingUnaryCall(__Method_UpdateCertificateTemplate, null, options, request);
       }
       /// <summary>
-      /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Update a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="headers">The initial metadata to send with the call. This parameter is optional.</param>
@@ -2225,7 +2380,8 @@ protected CertificateAuthorityServiceClient(ClientBaseConfiguration configuratio
         return UpdateCertificateTemplateAsync(request, new grpc::CallOptions(headers, deadline, cancellationToken));
       }
       /// <summary>
-      /// Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+      /// Update a
+      /// [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
       /// </summary>
       /// <param name="request">The request to send to the server.</param>
       /// <param name="options">The options for the call.</param>