diff --git a/README.md b/README.md
index 9d45b6ba..32ca69f6 100644
--- a/README.md
+++ b/README.md
@@ -22,20 +22,20 @@ If you are using Maven, add this to your pom.xml file:
 <dependency>
   <groupId>com.google.cloud</groupId>
   <artifactId>google-cloud-binary-authorization</artifactId>
-  <version>0.3.1</version>
+  <version>0.3.3</version>
 </dependency>
 ```
 
 If you are using Gradle without BOM, add this to your dependencies
 
 ```Groovy
-implementation 'com.google.cloud:google-cloud-binary-authorization:0.3.1'
+implementation 'com.google.cloud:google-cloud-binary-authorization:0.3.3'
 ```
 
 If you are using SBT, add this to your dependencies
 
 ```Scala
-libraryDependencies += "com.google.cloud" % "google-cloud-binary-authorization" % "0.3.1"
+libraryDependencies += "com.google.cloud" % "google-cloud-binary-authorization" % "0.3.3"
 ```
 
 ## Authentication
diff --git a/google-cloud-binary-authorization-bom/pom.xml b/google-cloud-binary-authorization-bom/pom.xml
index 279399fd..b196ce0e 100644
--- a/google-cloud-binary-authorization-bom/pom.xml
+++ b/google-cloud-binary-authorization-bom/pom.xml
@@ -63,11 +63,21 @@
         <artifactId>grpc-google-cloud-binary-authorization-v1beta1</artifactId>
         <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-binary-authorization-v1beta1:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-binary-authorization-v1</artifactId>
+        <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-binary-authorization-v1:current} -->
+      </dependency>
       <dependency>
         <groupId>com.google.api.grpc</groupId>
         <artifactId>proto-google-cloud-binary-authorization-v1beta1</artifactId>
         <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-binary-authorization-v1beta1:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-binary-authorization-v1</artifactId>
+        <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-binary-authorization-v1:current} -->
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/google-cloud-binary-authorization/pom.xml b/google-cloud-binary-authorization/pom.xml
index 06fa9486..215f8e97 100644
--- a/google-cloud-binary-authorization/pom.xml
+++ b/google-cloud-binary-authorization/pom.xml
@@ -42,6 +42,10 @@
       <artifactId>proto-google-common-protos</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-binary-authorization-v1</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.google.api.grpc</groupId>
       <artifactId>proto-google-cloud-binary-authorization-v1beta1</artifactId>
@@ -63,6 +67,11 @@
       <artifactId>threetenbp</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>io.grafeas</groupId>
+      <artifactId>grafeas</artifactId>
+    </dependency>
+
     <!-- Test dependencies -->
     <dependency>
       <groupId>junit</groupId>
@@ -76,6 +85,11 @@
       <artifactId>grpc-google-cloud-binary-authorization-v1beta1</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>grpc-google-cloud-binary-authorization-v1</artifactId>
+      <scope>test</scope>
+    </dependency>
     <!-- Need testing utility classes for generated gRPC clients tests -->
     <dependency>
       <groupId>com.google.api</groupId>
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Client.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Client.java
new file mode 100644
index 00000000..bbd24b07
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Client.java
@@ -0,0 +1,1062 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutures;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.paging.AbstractFixedSizeCollection;
+import com.google.api.gax.paging.AbstractPage;
+import com.google.api.gax.paging.AbstractPagedListResponse;
+import com.google.api.gax.rpc.PageContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.BinauthzManagementServiceV1Stub;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.BinauthzManagementServiceV1StubSettings;
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Service Description: Google Cloud Management Service for Binary Authorization admission policies
+ * and attestation authorities.
+ *
+ * <p>This API implements a REST model with the following objects:
+ *
+ * <ul>
+ *   <li>[Policy][google.cloud.binaryauthorization.v1.Policy]
+ *   <li>[Attestor][google.cloud.binaryauthorization.v1.Attestor]
+ * </ul>
+ *
+ * <p>This class provides the ability to make remote calls to the backing service through method
+ * calls that map to API methods. Sample code to get started:
+ *
+ * <pre>{@code
+ * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+ *     BinauthzManagementServiceV1Client.create()) {
+ *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+ *   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
+ * }
+ * }</pre>
+ *
+ * <p>Note: close() needs to be called on the BinauthzManagementServiceV1Client object to clean up
+ * resources such as threads. In the example above, try-with-resources is used, which automatically
+ * calls close().
+ *
+ * <p>The surface of this class includes several types of Java methods for each of the API's
+ * methods:
+ *
+ * <ol>
+ *   <li>A "flattened" method. With this type of method, the fields of the request type have been
+ *       converted into function parameters. It may be the case that not all fields are available as
+ *       parameters, and not every API method will have a flattened method entry point.
+ *   <li>A "request object" method. This type of method only takes one parameter, a request object,
+ *       which must be constructed before the call. Not every API method will have a request object
+ *       method.
+ *   <li>A "callable" method. This type of method takes no parameters and returns an immutable API
+ *       callable object, which can be used to initiate calls to the service.
+ * </ol>
+ *
+ * <p>See the individual methods for example code.
+ *
+ * <p>Many parameters require resource names to be formatted in a particular way. To assist with
+ * these names, this class includes a format method for each type of name, and additionally a parse
+ * method to extract the individual identifiers contained within names that are returned.
+ *
+ * <p>This class can be customized by passing in a custom instance of
+ * BinauthzManagementServiceV1Settings to create(). For example:
+ *
+ * <p>To customize credentials:
+ *
+ * <pre>{@code
+ * BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
+ *     BinauthzManagementServiceV1Settings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+ *     BinauthzManagementServiceV1Client.create(binauthzManagementServiceV1Settings);
+ * }</pre>
+ *
+ * <p>To customize the endpoint:
+ *
+ * <pre>{@code
+ * BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
+ *     BinauthzManagementServiceV1Settings.newBuilder().setEndpoint(myEndpoint).build();
+ * BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+ *     BinauthzManagementServiceV1Client.create(binauthzManagementServiceV1Settings);
+ * }</pre>
+ *
+ * <p>Please refer to the GitHub repository's samples for more quickstart code snippets.
+ */
+@Generated("by gapic-generator-java")
+public class BinauthzManagementServiceV1Client implements BackgroundResource {
+  private final BinauthzManagementServiceV1Settings settings;
+  private final BinauthzManagementServiceV1Stub stub;
+
+  /** Constructs an instance of BinauthzManagementServiceV1Client with default settings. */
+  public static final BinauthzManagementServiceV1Client create() throws IOException {
+    return create(BinauthzManagementServiceV1Settings.newBuilder().build());
+  }
+
+  /**
+   * Constructs an instance of BinauthzManagementServiceV1Client, using the given settings. The
+   * channels are created based on the settings passed in, or defaults for any settings that are not
+   * set.
+   */
+  public static final BinauthzManagementServiceV1Client create(
+      BinauthzManagementServiceV1Settings settings) throws IOException {
+    return new BinauthzManagementServiceV1Client(settings);
+  }
+
+  /**
+   * Constructs an instance of BinauthzManagementServiceV1Client, using the given stub for making
+   * calls. This is for advanced usage - prefer using create(BinauthzManagementServiceV1Settings).
+   */
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public static final BinauthzManagementServiceV1Client create(
+      BinauthzManagementServiceV1Stub stub) {
+    return new BinauthzManagementServiceV1Client(stub);
+  }
+
+  /**
+   * Constructs an instance of BinauthzManagementServiceV1Client, using the given settings. This is
+   * protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected BinauthzManagementServiceV1Client(BinauthzManagementServiceV1Settings settings)
+      throws IOException {
+    this.settings = settings;
+    this.stub = ((BinauthzManagementServiceV1StubSettings) settings.getStubSettings()).createStub();
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  protected BinauthzManagementServiceV1Client(BinauthzManagementServiceV1Stub stub) {
+    this.settings = null;
+    this.stub = stub;
+  }
+
+  public final BinauthzManagementServiceV1Settings getSettings() {
+    return settings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public BinauthzManagementServiceV1Stub getStub() {
+    return stub;
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
+   * [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to a container
+   * image, before the project is allowed to deploy that image. There is at most one policy per
+   * project. All image admission requests are permitted if a project has no policy.
+   *
+   * <p>Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a
+   * default [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+   *   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name of the
+   *     [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve, in the format
+   *     `projects/&#42;/policy`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getPolicy(PolicyName name) {
+    Service.GetPolicyRequest request =
+        Service.GetPolicyRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getPolicy(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
+   * [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to a container
+   * image, before the project is allowed to deploy that image. There is at most one policy per
+   * project. All image admission requests are permitted if a project has no policy.
+   *
+   * <p>Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a
+   * default [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   String name = PolicyName.ofProjectName("[PROJECT]").toString();
+   *   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name of the
+   *     [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve, in the format
+   *     `projects/&#42;/policy`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getPolicy(String name) {
+    Service.GetPolicyRequest request = Service.GetPolicyRequest.newBuilder().setName(name).build();
+    return getPolicy(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
+   * [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to a container
+   * image, before the project is allowed to deploy that image. There is at most one policy per
+   * project. All image admission requests are permitted if a project has no policy.
+   *
+   * <p>Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a
+   * default [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.GetPolicyRequest request =
+   *       Service.GetPolicyRequest.newBuilder()
+   *           .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+   *           .build();
+   *   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getPolicy(Service.GetPolicyRequest request) {
+    return getPolicyCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the
+   * [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to a container
+   * image, before the project is allowed to deploy that image. There is at most one policy per
+   * project. All image admission requests are permitted if a project has no policy.
+   *
+   * <p>Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a
+   * default [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.GetPolicyRequest request =
+   *       Service.GetPolicyRequest.newBuilder()
+   *           .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+   *           .build();
+   *   ApiFuture<Resources.Policy> future =
+   *       binauthzManagementServiceV1Client.getPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Policy response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.GetPolicyRequest, Resources.Policy> getPolicyCallable() {
+    return stub.getPolicyCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and
+   * returns a copy of the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
+   * always updated as a whole, to avoid race conditions with concurrent policy enforcement (or
+   * management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+   * request is malformed.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Resources.Policy policy = Resources.Policy.newBuilder().build();
+   *   Resources.Policy response = binauthzManagementServiceV1Client.updatePolicy(policy);
+   * }
+   * }</pre>
+   *
+   * @param policy Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy]
+   *     value. The service will overwrite the [policy
+   *     name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the
+   *     request URL, in the format `projects/&#42;/policy`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy updatePolicy(Resources.Policy policy) {
+    Service.UpdatePolicyRequest request =
+        Service.UpdatePolicyRequest.newBuilder().setPolicy(policy).build();
+    return updatePolicy(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and
+   * returns a copy of the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
+   * always updated as a whole, to avoid race conditions with concurrent policy enforcement (or
+   * management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+   * request is malformed.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.UpdatePolicyRequest request =
+   *       Service.UpdatePolicyRequest.newBuilder()
+   *           .setPolicy(Resources.Policy.newBuilder().build())
+   *           .build();
+   *   Resources.Policy response = binauthzManagementServiceV1Client.updatePolicy(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy updatePolicy(Service.UpdatePolicyRequest request) {
+    return updatePolicyCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and
+   * returns a copy of the new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is
+   * always updated as a whole, to avoid race conditions with concurrent policy enforcement (or
+   * management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the
+   * request is malformed.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.UpdatePolicyRequest request =
+   *       Service.UpdatePolicyRequest.newBuilder()
+   *           .setPolicy(Resources.Policy.newBuilder().build())
+   *           .build();
+   *   ApiFuture<Resources.Policy> future =
+   *       binauthzManagementServiceV1Client.updatePolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Policy response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.UpdatePolicyRequest, Resources.Policy> updatePolicyCallable() {
+    return stub.updatePolicyCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the
+   * new [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project
+   * does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   ProjectName parent = ProjectName.of("[PROJECT]");
+   *   String attestorId = "attestorId2055733027";
+   *   Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+   *   Resources.Attestor response =
+   *       binauthzManagementServiceV1Client.createAttestor(parent, attestorId, attestor);
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The parent of this
+   *     [attestor][google.cloud.binaryauthorization.v1.Attestor].
+   * @param attestorId Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+   * @param attestor Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor]
+   *     value. The service will overwrite the [attestor
+   *     name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name, in
+   *     the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor createAttestor(
+      ProjectName parent, String attestorId, Resources.Attestor attestor) {
+    Service.CreateAttestorRequest request =
+        Service.CreateAttestorRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .setAttestorId(attestorId)
+            .setAttestor(attestor)
+            .build();
+    return createAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the
+   * new [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project
+   * does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   String parent = ProjectName.of("[PROJECT]").toString();
+   *   String attestorId = "attestorId2055733027";
+   *   Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+   *   Resources.Attestor response =
+   *       binauthzManagementServiceV1Client.createAttestor(parent, attestorId, attestor);
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The parent of this
+   *     [attestor][google.cloud.binaryauthorization.v1.Attestor].
+   * @param attestorId Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+   * @param attestor Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor]
+   *     value. The service will overwrite the [attestor
+   *     name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name, in
+   *     the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor createAttestor(
+      String parent, String attestorId, Resources.Attestor attestor) {
+    Service.CreateAttestorRequest request =
+        Service.CreateAttestorRequest.newBuilder()
+            .setParent(parent)
+            .setAttestorId(attestorId)
+            .setAttestor(attestor)
+            .build();
+    return createAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the
+   * new [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project
+   * does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.CreateAttestorRequest request =
+   *       Service.CreateAttestorRequest.newBuilder()
+   *           .setParent(ProjectName.of("[PROJECT]").toString())
+   *           .setAttestorId("attestorId2055733027")
+   *           .setAttestor(Resources.Attestor.newBuilder().build())
+   *           .build();
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.createAttestor(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor createAttestor(Service.CreateAttestorRequest request) {
+    return createAttestorCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the
+   * new [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project
+   * does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.CreateAttestorRequest request =
+   *       Service.CreateAttestorRequest.newBuilder()
+   *           .setParent(ProjectName.of("[PROJECT]").toString())
+   *           .setAttestorId("attestorId2055733027")
+   *           .setAttestor(Resources.Attestor.newBuilder().build())
+   *           .build();
+   *   ApiFuture<Resources.Attestor> future =
+   *       binauthzManagementServiceV1Client.createAttestorCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Attestor response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorCallable() {
+    return stub.createAttestorCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.getAttestor(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+   *     to retrieve, in the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor getAttestor(AttestorName name) {
+    Service.GetAttestorRequest request =
+        Service.GetAttestorRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   String name = AttestorName.of("[PROJECT]", "[ATTESTOR]").toString();
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.getAttestor(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor]
+   *     to retrieve, in the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor getAttestor(String name) {
+    Service.GetAttestorRequest request =
+        Service.GetAttestorRequest.newBuilder().setName(name).build();
+    return getAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.GetAttestorRequest request =
+   *       Service.GetAttestorRequest.newBuilder()
+   *           .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+   *           .build();
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.getAttestor(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor getAttestor(Service.GetAttestorRequest request) {
+    return getAttestorCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.GetAttestorRequest request =
+   *       Service.GetAttestorRequest.newBuilder()
+   *           .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+   *           .build();
+   *   ApiFuture<Resources.Attestor> future =
+   *       binauthzManagementServiceV1Client.getAttestorCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Attestor response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.GetAttestorRequest, Resources.Attestor> getAttestorCallable() {
+    return stub.getAttestorCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.updateAttestor(attestor);
+   * }
+   * }</pre>
+   *
+   * @param attestor Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor]
+   *     value. The service will overwrite the [attestor
+   *     name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in
+   *     the request URL, in the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor updateAttestor(Resources.Attestor attestor) {
+    Service.UpdateAttestorRequest request =
+        Service.UpdateAttestorRequest.newBuilder().setAttestor(attestor).build();
+    return updateAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.UpdateAttestorRequest request =
+   *       Service.UpdateAttestorRequest.newBuilder()
+   *           .setAttestor(Resources.Attestor.newBuilder().build())
+   *           .build();
+   *   Resources.Attestor response = binauthzManagementServiceV1Client.updateAttestor(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Attestor updateAttestor(Service.UpdateAttestorRequest request) {
+    return updateAttestorCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.UpdateAttestorRequest request =
+   *       Service.UpdateAttestorRequest.newBuilder()
+   *           .setAttestor(Resources.Attestor.newBuilder().build())
+   *           .build();
+   *   ApiFuture<Resources.Attestor> future =
+   *       binauthzManagementServiceV1Client.updateAttestorCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Attestor response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorCallable() {
+    return stub.updateAttestorCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. Returns INVALID_ARGUMENT if
+   * the project does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   ProjectName parent = ProjectName.of("[PROJECT]");
+   *   for (Resources.Attestor element :
+   *       binauthzManagementServiceV1Client.listAttestors(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the project associated with the
+   *     [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListAttestorsPagedResponse listAttestors(ProjectName parent) {
+    Service.ListAttestorsRequest request =
+        Service.ListAttestorsRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listAttestors(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. Returns INVALID_ARGUMENT if
+   * the project does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   String parent = ProjectName.of("[PROJECT]").toString();
+   *   for (Resources.Attestor element :
+   *       binauthzManagementServiceV1Client.listAttestors(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the project associated with the
+   *     [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListAttestorsPagedResponse listAttestors(String parent) {
+    Service.ListAttestorsRequest request =
+        Service.ListAttestorsRequest.newBuilder().setParent(parent).build();
+    return listAttestors(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. Returns INVALID_ARGUMENT if
+   * the project does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.ListAttestorsRequest request =
+   *       Service.ListAttestorsRequest.newBuilder()
+   *           .setParent(ProjectName.of("[PROJECT]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .build();
+   *   for (Resources.Attestor element :
+   *       binauthzManagementServiceV1Client.listAttestors(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListAttestorsPagedResponse listAttestors(Service.ListAttestorsRequest request) {
+    return listAttestorsPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. Returns INVALID_ARGUMENT if
+   * the project does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.ListAttestorsRequest request =
+   *       Service.ListAttestorsRequest.newBuilder()
+   *           .setParent(ProjectName.of("[PROJECT]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .build();
+   *   ApiFuture<Resources.Attestor> future =
+   *       binauthzManagementServiceV1Client.listAttestorsPagedCallable().futureCall(request);
+   *   // Do something.
+   *   for (Resources.Attestor element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.ListAttestorsRequest, ListAttestorsPagedResponse>
+      listAttestorsPagedCallable() {
+    return stub.listAttestorsPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor]. Returns INVALID_ARGUMENT if
+   * the project does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.ListAttestorsRequest request =
+   *       Service.ListAttestorsRequest.newBuilder()
+   *           .setParent(ProjectName.of("[PROJECT]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .build();
+   *   while (true) {
+   *     Service.ListAttestorsResponse response =
+   *         binauthzManagementServiceV1Client.listAttestorsCallable().call(request);
+   *     for (Resources.Attestor element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+      listAttestorsCallable() {
+    return stub.listAttestorsCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+   *   binauthzManagementServiceV1Client.deleteAttestor(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+   *     to delete, in the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final void deleteAttestor(AttestorName name) {
+    Service.DeleteAttestorRequest request =
+        Service.DeleteAttestorRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    deleteAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   String name = AttestorName.of("[PROJECT]", "[ATTESTOR]").toString();
+   *   binauthzManagementServiceV1Client.deleteAttestor(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor]
+   *     to delete, in the format `projects/&#42;/attestors/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final void deleteAttestor(String name) {
+    Service.DeleteAttestorRequest request =
+        Service.DeleteAttestorRequest.newBuilder().setName(name).build();
+    deleteAttestor(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.DeleteAttestorRequest request =
+   *       Service.DeleteAttestorRequest.newBuilder()
+   *           .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+   *           .build();
+   *   binauthzManagementServiceV1Client.deleteAttestor(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final void deleteAttestor(Service.DeleteAttestorRequest request) {
+    deleteAttestorCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+   * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+   *     BinauthzManagementServiceV1Client.create()) {
+   *   Service.DeleteAttestorRequest request =
+   *       Service.DeleteAttestorRequest.newBuilder()
+   *           .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+   *           .build();
+   *   ApiFuture<Empty> future =
+   *       binauthzManagementServiceV1Client.deleteAttestorCallable().futureCall(request);
+   *   // Do something.
+   *   future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.DeleteAttestorRequest, Empty> deleteAttestorCallable() {
+    return stub.deleteAttestorCallable();
+  }
+
+  @Override
+  public final void close() {
+    stub.close();
+  }
+
+  @Override
+  public void shutdown() {
+    stub.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return stub.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return stub.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    stub.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return stub.awaitTermination(duration, unit);
+  }
+
+  public static class ListAttestorsPagedResponse
+      extends AbstractPagedListResponse<
+          Service.ListAttestorsRequest,
+          Service.ListAttestorsResponse,
+          Resources.Attestor,
+          ListAttestorsPage,
+          ListAttestorsFixedSizeCollection> {
+
+    public static ApiFuture<ListAttestorsPagedResponse> createAsync(
+        PageContext<Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>
+            context,
+        ApiFuture<Service.ListAttestorsResponse> futureResponse) {
+      ApiFuture<ListAttestorsPage> futurePage =
+          ListAttestorsPage.createEmptyPage().createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          input -> new ListAttestorsPagedResponse(input),
+          MoreExecutors.directExecutor());
+    }
+
+    private ListAttestorsPagedResponse(ListAttestorsPage page) {
+      super(page, ListAttestorsFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListAttestorsPage
+      extends AbstractPage<
+          Service.ListAttestorsRequest,
+          Service.ListAttestorsResponse,
+          Resources.Attestor,
+          ListAttestorsPage> {
+
+    private ListAttestorsPage(
+        PageContext<Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>
+            context,
+        Service.ListAttestorsResponse response) {
+      super(context, response);
+    }
+
+    private static ListAttestorsPage createEmptyPage() {
+      return new ListAttestorsPage(null, null);
+    }
+
+    @Override
+    protected ListAttestorsPage createPage(
+        PageContext<Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>
+            context,
+        Service.ListAttestorsResponse response) {
+      return new ListAttestorsPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListAttestorsPage> createPageAsync(
+        PageContext<Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>
+            context,
+        ApiFuture<Service.ListAttestorsResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListAttestorsFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          Service.ListAttestorsRequest,
+          Service.ListAttestorsResponse,
+          Resources.Attestor,
+          ListAttestorsPage,
+          ListAttestorsFixedSizeCollection> {
+
+    private ListAttestorsFixedSizeCollection(List<ListAttestorsPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListAttestorsFixedSizeCollection createEmptyCollection() {
+      return new ListAttestorsFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListAttestorsFixedSizeCollection createCollection(
+        List<ListAttestorsPage> pages, int collectionSize) {
+      return new ListAttestorsFixedSizeCollection(pages, collectionSize);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Settings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Settings.java
new file mode 100644
index 00000000..e7a23f93
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Settings.java
@@ -0,0 +1,261 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import static com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Client.ListAttestorsPagedResponse;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.BinauthzManagementServiceV1StubSettings;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link BinauthzManagementServiceV1Client}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of getPolicy to 30 seconds:
+ *
+ * <pre>{@code
+ * BinauthzManagementServiceV1Settings.Builder binauthzManagementServiceV1SettingsBuilder =
+ *     BinauthzManagementServiceV1Settings.newBuilder();
+ * binauthzManagementServiceV1SettingsBuilder
+ *     .getPolicySettings()
+ *     .setRetrySettings(
+ *         binauthzManagementServiceV1SettingsBuilder
+ *             .getPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * BinauthzManagementServiceV1Settings binauthzManagementServiceV1Settings =
+ *     binauthzManagementServiceV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class BinauthzManagementServiceV1Settings
+    extends ClientSettings<BinauthzManagementServiceV1Settings> {
+
+  /** Returns the object with the settings used for calls to getPolicy. */
+  public UnaryCallSettings<Service.GetPolicyRequest, Resources.Policy> getPolicySettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).getPolicySettings();
+  }
+
+  /** Returns the object with the settings used for calls to updatePolicy. */
+  public UnaryCallSettings<Service.UpdatePolicyRequest, Resources.Policy> updatePolicySettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).updatePolicySettings();
+  }
+
+  /** Returns the object with the settings used for calls to createAttestor. */
+  public UnaryCallSettings<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorSettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).createAttestorSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getAttestor. */
+  public UnaryCallSettings<Service.GetAttestorRequest, Resources.Attestor> getAttestorSettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).getAttestorSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateAttestor. */
+  public UnaryCallSettings<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorSettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).updateAttestorSettings();
+  }
+
+  /** Returns the object with the settings used for calls to listAttestors. */
+  public PagedCallSettings<
+          Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+      listAttestorsSettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).listAttestorsSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteAttestor. */
+  public UnaryCallSettings<Service.DeleteAttestorRequest, Empty> deleteAttestorSettings() {
+    return ((BinauthzManagementServiceV1StubSettings) getStubSettings()).deleteAttestorSettings();
+  }
+
+  public static final BinauthzManagementServiceV1Settings create(
+      BinauthzManagementServiceV1StubSettings stub) throws IOException {
+    return new BinauthzManagementServiceV1Settings.Builder(stub.toBuilder()).build();
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return BinauthzManagementServiceV1StubSettings.defaultExecutorProviderBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return BinauthzManagementServiceV1StubSettings.getDefaultEndpoint();
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return BinauthzManagementServiceV1StubSettings.getDefaultServiceScopes();
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return BinauthzManagementServiceV1StubSettings.defaultCredentialsProviderBuilder();
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return BinauthzManagementServiceV1StubSettings.defaultGrpcTransportProviderBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return BinauthzManagementServiceV1StubSettings.defaultTransportChannelProvider();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return BinauthzManagementServiceV1StubSettings.defaultApiClientHeaderProviderBuilder();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected BinauthzManagementServiceV1Settings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+  }
+
+  /** Builder for BinauthzManagementServiceV1Settings. */
+  public static class Builder
+      extends ClientSettings.Builder<BinauthzManagementServiceV1Settings, Builder> {
+
+    protected Builder() throws IOException {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(BinauthzManagementServiceV1StubSettings.newBuilder(clientContext));
+    }
+
+    protected Builder(BinauthzManagementServiceV1Settings settings) {
+      super(settings.getStubSettings().toBuilder());
+    }
+
+    protected Builder(BinauthzManagementServiceV1StubSettings.Builder stubSettings) {
+      super(stubSettings);
+    }
+
+    private static Builder createDefault() {
+      return new Builder(BinauthzManagementServiceV1StubSettings.newBuilder());
+    }
+
+    public BinauthzManagementServiceV1StubSettings.Builder getStubSettingsBuilder() {
+      return ((BinauthzManagementServiceV1StubSettings.Builder) getStubSettings());
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(
+          getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater);
+      return this;
+    }
+
+    /** Returns the builder for the settings used for calls to getPolicy. */
+    public UnaryCallSettings.Builder<Service.GetPolicyRequest, Resources.Policy>
+        getPolicySettings() {
+      return getStubSettingsBuilder().getPolicySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updatePolicy. */
+    public UnaryCallSettings.Builder<Service.UpdatePolicyRequest, Resources.Policy>
+        updatePolicySettings() {
+      return getStubSettingsBuilder().updatePolicySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createAttestor. */
+    public UnaryCallSettings.Builder<Service.CreateAttestorRequest, Resources.Attestor>
+        createAttestorSettings() {
+      return getStubSettingsBuilder().createAttestorSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getAttestor. */
+    public UnaryCallSettings.Builder<Service.GetAttestorRequest, Resources.Attestor>
+        getAttestorSettings() {
+      return getStubSettingsBuilder().getAttestorSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateAttestor. */
+    public UnaryCallSettings.Builder<Service.UpdateAttestorRequest, Resources.Attestor>
+        updateAttestorSettings() {
+      return getStubSettingsBuilder().updateAttestorSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listAttestors. */
+    public PagedCallSettings.Builder<
+            Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+        listAttestorsSettings() {
+      return getStubSettingsBuilder().listAttestorsSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteAttestor. */
+    public UnaryCallSettings.Builder<Service.DeleteAttestorRequest, Empty>
+        deleteAttestorSettings() {
+      return getStubSettingsBuilder().deleteAttestorSettings();
+    }
+
+    @Override
+    public BinauthzManagementServiceV1Settings build() throws IOException {
+      return new BinauthzManagementServiceV1Settings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Client.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Client.java
new file mode 100644
index 00000000..a4fe0c1f
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Client.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.SystemPolicyV1Stub;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.SystemPolicyV1StubSettings;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Service Description: API for working with the system policy.
+ *
+ * <p>This class provides the ability to make remote calls to the backing service through method
+ * calls that map to API methods. Sample code to get started:
+ *
+ * <pre>{@code
+ * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+ *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+ *   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
+ * }
+ * }</pre>
+ *
+ * <p>Note: close() needs to be called on the SystemPolicyV1Client object to clean up resources such
+ * as threads. In the example above, try-with-resources is used, which automatically calls close().
+ *
+ * <p>The surface of this class includes several types of Java methods for each of the API's
+ * methods:
+ *
+ * <ol>
+ *   <li>A "flattened" method. With this type of method, the fields of the request type have been
+ *       converted into function parameters. It may be the case that not all fields are available as
+ *       parameters, and not every API method will have a flattened method entry point.
+ *   <li>A "request object" method. This type of method only takes one parameter, a request object,
+ *       which must be constructed before the call. Not every API method will have a request object
+ *       method.
+ *   <li>A "callable" method. This type of method takes no parameters and returns an immutable API
+ *       callable object, which can be used to initiate calls to the service.
+ * </ol>
+ *
+ * <p>See the individual methods for example code.
+ *
+ * <p>Many parameters require resource names to be formatted in a particular way. To assist with
+ * these names, this class includes a format method for each type of name, and additionally a parse
+ * method to extract the individual identifiers contained within names that are returned.
+ *
+ * <p>This class can be customized by passing in a custom instance of SystemPolicyV1Settings to
+ * create(). For example:
+ *
+ * <p>To customize credentials:
+ *
+ * <pre>{@code
+ * SystemPolicyV1Settings systemPolicyV1Settings =
+ *     SystemPolicyV1Settings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create(systemPolicyV1Settings);
+ * }</pre>
+ *
+ * <p>To customize the endpoint:
+ *
+ * <pre>{@code
+ * SystemPolicyV1Settings systemPolicyV1Settings =
+ *     SystemPolicyV1Settings.newBuilder().setEndpoint(myEndpoint).build();
+ * SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create(systemPolicyV1Settings);
+ * }</pre>
+ *
+ * <p>Please refer to the GitHub repository's samples for more quickstart code snippets.
+ */
+@Generated("by gapic-generator-java")
+public class SystemPolicyV1Client implements BackgroundResource {
+  private final SystemPolicyV1Settings settings;
+  private final SystemPolicyV1Stub stub;
+
+  /** Constructs an instance of SystemPolicyV1Client with default settings. */
+  public static final SystemPolicyV1Client create() throws IOException {
+    return create(SystemPolicyV1Settings.newBuilder().build());
+  }
+
+  /**
+   * Constructs an instance of SystemPolicyV1Client, using the given settings. The channels are
+   * created based on the settings passed in, or defaults for any settings that are not set.
+   */
+  public static final SystemPolicyV1Client create(SystemPolicyV1Settings settings)
+      throws IOException {
+    return new SystemPolicyV1Client(settings);
+  }
+
+  /**
+   * Constructs an instance of SystemPolicyV1Client, using the given stub for making calls. This is
+   * for advanced usage - prefer using create(SystemPolicyV1Settings).
+   */
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public static final SystemPolicyV1Client create(SystemPolicyV1Stub stub) {
+    return new SystemPolicyV1Client(stub);
+  }
+
+  /**
+   * Constructs an instance of SystemPolicyV1Client, using the given settings. This is protected so
+   * that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected SystemPolicyV1Client(SystemPolicyV1Settings settings) throws IOException {
+    this.settings = settings;
+    this.stub = ((SystemPolicyV1StubSettings) settings.getStubSettings()).createStub();
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  protected SystemPolicyV1Client(SystemPolicyV1Stub stub) {
+    this.settings = null;
+    this.stub = stub;
+  }
+
+  public final SystemPolicyV1Settings getSettings() {
+    return settings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public SystemPolicyV1Stub getStub() {
+    return stub;
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets the current system policy in the specified location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+   *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+   *   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name, in the format `locations/&#42;/policy`. Note that the
+   *     system policy is not associated with a project.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getSystemPolicy(PolicyName name) {
+    Service.GetSystemPolicyRequest request =
+        Service.GetSystemPolicyRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getSystemPolicy(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets the current system policy in the specified location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+   *   String name = PolicyName.ofProjectName("[PROJECT]").toString();
+   *   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name, in the format `locations/&#42;/policy`. Note that the
+   *     system policy is not associated with a project.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getSystemPolicy(String name) {
+    Service.GetSystemPolicyRequest request =
+        Service.GetSystemPolicyRequest.newBuilder().setName(name).build();
+    return getSystemPolicy(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets the current system policy in the specified location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+   *   Service.GetSystemPolicyRequest request =
+   *       Service.GetSystemPolicyRequest.newBuilder()
+   *           .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+   *           .build();
+   *   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Resources.Policy getSystemPolicy(Service.GetSystemPolicyRequest request) {
+    return getSystemPolicyCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Gets the current system policy in the specified location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+   *   Service.GetSystemPolicyRequest request =
+   *       Service.GetSystemPolicyRequest.newBuilder()
+   *           .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+   *           .build();
+   *   ApiFuture<Resources.Policy> future =
+   *       systemPolicyV1Client.getSystemPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Resources.Policy response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicyCallable() {
+    return stub.getSystemPolicyCallable();
+  }
+
+  @Override
+  public final void close() {
+    stub.close();
+  }
+
+  @Override
+  public void shutdown() {
+    stub.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return stub.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return stub.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    stub.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return stub.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Settings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Settings.java
new file mode 100644
index 00000000..1cfd8c98
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Settings.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.SystemPolicyV1StubSettings;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link SystemPolicyV1Client}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of getSystemPolicy to 30 seconds:
+ *
+ * <pre>{@code
+ * SystemPolicyV1Settings.Builder systemPolicyV1SettingsBuilder =
+ *     SystemPolicyV1Settings.newBuilder();
+ * systemPolicyV1SettingsBuilder
+ *     .getSystemPolicySettings()
+ *     .setRetrySettings(
+ *         systemPolicyV1SettingsBuilder
+ *             .getSystemPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * SystemPolicyV1Settings systemPolicyV1Settings = systemPolicyV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class SystemPolicyV1Settings extends ClientSettings<SystemPolicyV1Settings> {
+
+  /** Returns the object with the settings used for calls to getSystemPolicy. */
+  public UnaryCallSettings<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicySettings() {
+    return ((SystemPolicyV1StubSettings) getStubSettings()).getSystemPolicySettings();
+  }
+
+  public static final SystemPolicyV1Settings create(SystemPolicyV1StubSettings stub)
+      throws IOException {
+    return new SystemPolicyV1Settings.Builder(stub.toBuilder()).build();
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return SystemPolicyV1StubSettings.defaultExecutorProviderBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return SystemPolicyV1StubSettings.getDefaultEndpoint();
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return SystemPolicyV1StubSettings.getDefaultServiceScopes();
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return SystemPolicyV1StubSettings.defaultCredentialsProviderBuilder();
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return SystemPolicyV1StubSettings.defaultGrpcTransportProviderBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return SystemPolicyV1StubSettings.defaultTransportChannelProvider();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return SystemPolicyV1StubSettings.defaultApiClientHeaderProviderBuilder();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected SystemPolicyV1Settings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+  }
+
+  /** Builder for SystemPolicyV1Settings. */
+  public static class Builder extends ClientSettings.Builder<SystemPolicyV1Settings, Builder> {
+
+    protected Builder() throws IOException {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(SystemPolicyV1StubSettings.newBuilder(clientContext));
+    }
+
+    protected Builder(SystemPolicyV1Settings settings) {
+      super(settings.getStubSettings().toBuilder());
+    }
+
+    protected Builder(SystemPolicyV1StubSettings.Builder stubSettings) {
+      super(stubSettings);
+    }
+
+    private static Builder createDefault() {
+      return new Builder(SystemPolicyV1StubSettings.newBuilder());
+    }
+
+    public SystemPolicyV1StubSettings.Builder getStubSettingsBuilder() {
+      return ((SystemPolicyV1StubSettings.Builder) getStubSettings());
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(
+          getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater);
+      return this;
+    }
+
+    /** Returns the builder for the settings used for calls to getSystemPolicy. */
+    public UnaryCallSettings.Builder<Service.GetSystemPolicyRequest, Resources.Policy>
+        getSystemPolicySettings() {
+      return getStubSettingsBuilder().getSystemPolicySettings();
+    }
+
+    @Override
+    public SystemPolicyV1Settings build() throws IOException {
+      return new SystemPolicyV1Settings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Client.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Client.java
new file mode 100644
index 00000000..af4f0634
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Client.java
@@ -0,0 +1,237 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.ValidationHelperV1Stub;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.ValidationHelperV1StubSettings;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Service Description: BinAuthz Attestor verification
+ *
+ * <p>This class provides the ability to make remote calls to the backing service through method
+ * calls that map to API methods. Sample code to get started:
+ *
+ * <pre>{@code
+ * try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
+ *   Service.ValidateAttestationOccurrenceRequest request =
+ *       Service.ValidateAttestationOccurrenceRequest.newBuilder()
+ *           .setAttestor("attestor542920680")
+ *           .setAttestation(AttestationOccurrence.newBuilder().build())
+ *           .setOccurrenceNote("occurrenceNote1722072419")
+ *           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+ *           .build();
+ *   Service.ValidateAttestationOccurrenceResponse response =
+ *       validationHelperV1Client.validateAttestationOccurrence(request);
+ * }
+ * }</pre>
+ *
+ * <p>Note: close() needs to be called on the ValidationHelperV1Client object to clean up resources
+ * such as threads. In the example above, try-with-resources is used, which automatically calls
+ * close().
+ *
+ * <p>The surface of this class includes several types of Java methods for each of the API's
+ * methods:
+ *
+ * <ol>
+ *   <li>A "flattened" method. With this type of method, the fields of the request type have been
+ *       converted into function parameters. It may be the case that not all fields are available as
+ *       parameters, and not every API method will have a flattened method entry point.
+ *   <li>A "request object" method. This type of method only takes one parameter, a request object,
+ *       which must be constructed before the call. Not every API method will have a request object
+ *       method.
+ *   <li>A "callable" method. This type of method takes no parameters and returns an immutable API
+ *       callable object, which can be used to initiate calls to the service.
+ * </ol>
+ *
+ * <p>See the individual methods for example code.
+ *
+ * <p>Many parameters require resource names to be formatted in a particular way. To assist with
+ * these names, this class includes a format method for each type of name, and additionally a parse
+ * method to extract the individual identifiers contained within names that are returned.
+ *
+ * <p>This class can be customized by passing in a custom instance of ValidationHelperV1Settings to
+ * create(). For example:
+ *
+ * <p>To customize credentials:
+ *
+ * <pre>{@code
+ * ValidationHelperV1Settings validationHelperV1Settings =
+ *     ValidationHelperV1Settings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * ValidationHelperV1Client validationHelperV1Client =
+ *     ValidationHelperV1Client.create(validationHelperV1Settings);
+ * }</pre>
+ *
+ * <p>To customize the endpoint:
+ *
+ * <pre>{@code
+ * ValidationHelperV1Settings validationHelperV1Settings =
+ *     ValidationHelperV1Settings.newBuilder().setEndpoint(myEndpoint).build();
+ * ValidationHelperV1Client validationHelperV1Client =
+ *     ValidationHelperV1Client.create(validationHelperV1Settings);
+ * }</pre>
+ *
+ * <p>Please refer to the GitHub repository's samples for more quickstart code snippets.
+ */
+@Generated("by gapic-generator-java")
+public class ValidationHelperV1Client implements BackgroundResource {
+  private final ValidationHelperV1Settings settings;
+  private final ValidationHelperV1Stub stub;
+
+  /** Constructs an instance of ValidationHelperV1Client with default settings. */
+  public static final ValidationHelperV1Client create() throws IOException {
+    return create(ValidationHelperV1Settings.newBuilder().build());
+  }
+
+  /**
+   * Constructs an instance of ValidationHelperV1Client, using the given settings. The channels are
+   * created based on the settings passed in, or defaults for any settings that are not set.
+   */
+  public static final ValidationHelperV1Client create(ValidationHelperV1Settings settings)
+      throws IOException {
+    return new ValidationHelperV1Client(settings);
+  }
+
+  /**
+   * Constructs an instance of ValidationHelperV1Client, using the given stub for making calls. This
+   * is for advanced usage - prefer using create(ValidationHelperV1Settings).
+   */
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public static final ValidationHelperV1Client create(ValidationHelperV1Stub stub) {
+    return new ValidationHelperV1Client(stub);
+  }
+
+  /**
+   * Constructs an instance of ValidationHelperV1Client, using the given settings. This is protected
+   * so that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected ValidationHelperV1Client(ValidationHelperV1Settings settings) throws IOException {
+    this.settings = settings;
+    this.stub = ((ValidationHelperV1StubSettings) settings.getStubSettings()).createStub();
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  protected ValidationHelperV1Client(ValidationHelperV1Stub stub) {
+    this.settings = null;
+    this.stub = stub;
+  }
+
+  public final ValidationHelperV1Settings getSettings() {
+    return settings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public ValidationHelperV1Stub getStub() {
+    return stub;
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns whether the given Attestation for the given image URI was signed by the given Attestor
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
+   *   Service.ValidateAttestationOccurrenceRequest request =
+   *       Service.ValidateAttestationOccurrenceRequest.newBuilder()
+   *           .setAttestor("attestor542920680")
+   *           .setAttestation(AttestationOccurrence.newBuilder().build())
+   *           .setOccurrenceNote("occurrenceNote1722072419")
+   *           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+   *           .build();
+   *   Service.ValidateAttestationOccurrenceResponse response =
+   *       validationHelperV1Client.validateAttestationOccurrence(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Service.ValidateAttestationOccurrenceResponse validateAttestationOccurrence(
+      Service.ValidateAttestationOccurrenceRequest request) {
+    return validateAttestationOccurrenceCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns whether the given Attestation for the given image URI was signed by the given Attestor
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
+   *   Service.ValidateAttestationOccurrenceRequest request =
+   *       Service.ValidateAttestationOccurrenceRequest.newBuilder()
+   *           .setAttestor("attestor542920680")
+   *           .setAttestation(AttestationOccurrence.newBuilder().build())
+   *           .setOccurrenceNote("occurrenceNote1722072419")
+   *           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+   *           .build();
+   *   ApiFuture<Service.ValidateAttestationOccurrenceResponse> future =
+   *       validationHelperV1Client.validateAttestationOccurrenceCallable().futureCall(request);
+   *   // Do something.
+   *   Service.ValidateAttestationOccurrenceResponse response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceCallable() {
+    return stub.validateAttestationOccurrenceCallable();
+  }
+
+  @Override
+  public final void close() {
+    stub.close();
+  }
+
+  @Override
+  public void shutdown() {
+    stub.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return stub.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return stub.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    stub.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return stub.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Settings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Settings.java
new file mode 100644
index 00000000..b3adada0
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Settings.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.protos.google.cloud.binaryauthorization.v1.stub.ValidationHelperV1StubSettings;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link ValidationHelperV1Client}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of validateAttestationOccurrence to 30 seconds:
+ *
+ * <pre>{@code
+ * ValidationHelperV1Settings.Builder validationHelperV1SettingsBuilder =
+ *     ValidationHelperV1Settings.newBuilder();
+ * validationHelperV1SettingsBuilder
+ *     .validateAttestationOccurrenceSettings()
+ *     .setRetrySettings(
+ *         validationHelperV1SettingsBuilder
+ *             .validateAttestationOccurrenceSettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * ValidationHelperV1Settings validationHelperV1Settings =
+ *     validationHelperV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class ValidationHelperV1Settings extends ClientSettings<ValidationHelperV1Settings> {
+
+  /** Returns the object with the settings used for calls to validateAttestationOccurrence. */
+  public UnaryCallSettings<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceSettings() {
+    return ((ValidationHelperV1StubSettings) getStubSettings())
+        .validateAttestationOccurrenceSettings();
+  }
+
+  public static final ValidationHelperV1Settings create(ValidationHelperV1StubSettings stub)
+      throws IOException {
+    return new ValidationHelperV1Settings.Builder(stub.toBuilder()).build();
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return ValidationHelperV1StubSettings.defaultExecutorProviderBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return ValidationHelperV1StubSettings.getDefaultEndpoint();
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return ValidationHelperV1StubSettings.getDefaultServiceScopes();
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return ValidationHelperV1StubSettings.defaultCredentialsProviderBuilder();
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return ValidationHelperV1StubSettings.defaultGrpcTransportProviderBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return ValidationHelperV1StubSettings.defaultTransportChannelProvider();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ValidationHelperV1StubSettings.defaultApiClientHeaderProviderBuilder();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected ValidationHelperV1Settings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+  }
+
+  /** Builder for ValidationHelperV1Settings. */
+  public static class Builder extends ClientSettings.Builder<ValidationHelperV1Settings, Builder> {
+
+    protected Builder() throws IOException {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(ValidationHelperV1StubSettings.newBuilder(clientContext));
+    }
+
+    protected Builder(ValidationHelperV1Settings settings) {
+      super(settings.getStubSettings().toBuilder());
+    }
+
+    protected Builder(ValidationHelperV1StubSettings.Builder stubSettings) {
+      super(stubSettings);
+    }
+
+    private static Builder createDefault() {
+      return new Builder(ValidationHelperV1StubSettings.newBuilder());
+    }
+
+    public ValidationHelperV1StubSettings.Builder getStubSettingsBuilder() {
+      return ((ValidationHelperV1StubSettings.Builder) getStubSettings());
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(
+          getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater);
+      return this;
+    }
+
+    /** Returns the builder for the settings used for calls to validateAttestationOccurrence. */
+    public UnaryCallSettings.Builder<
+            Service.ValidateAttestationOccurrenceRequest,
+            Service.ValidateAttestationOccurrenceResponse>
+        validateAttestationOccurrenceSettings() {
+      return getStubSettingsBuilder().validateAttestationOccurrenceSettings();
+    }
+
+    @Override
+    public ValidationHelperV1Settings build() throws IOException {
+      return new ValidationHelperV1Settings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/gapic_metadata.json b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/gapic_metadata.json
new file mode 100644
index 00000000..e5c1b6f2
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/gapic_metadata.json
@@ -0,0 +1,63 @@
+{
+  "schema": "1.0",
+  "comment": "This file maps proto services/RPCs to the corresponding library clients/methods",
+  "language": "java",
+  "protoPackage": "google.cloud.binaryauthorization.v1",
+  "libraryPackage": "com.google.protos.google.cloud.binaryauthorization.v1",
+  "services": {
+    "BinauthzManagementServiceV1": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "BinauthzManagementServiceV1Client",
+          "rpcs": {
+            "CreateAttestor": {
+              "methods": ["createAttestor", "createAttestor", "createAttestor", "createAttestorCallable"]
+            },
+            "DeleteAttestor": {
+              "methods": ["deleteAttestor", "deleteAttestor", "deleteAttestor", "deleteAttestorCallable"]
+            },
+            "GetAttestor": {
+              "methods": ["getAttestor", "getAttestor", "getAttestor", "getAttestorCallable"]
+            },
+            "GetPolicy": {
+              "methods": ["getPolicy", "getPolicy", "getPolicy", "getPolicyCallable"]
+            },
+            "ListAttestors": {
+              "methods": ["listAttestors", "listAttestors", "listAttestors", "listAttestorsPagedCallable", "listAttestorsCallable"]
+            },
+            "UpdateAttestor": {
+              "methods": ["updateAttestor", "updateAttestor", "updateAttestorCallable"]
+            },
+            "UpdatePolicy": {
+              "methods": ["updatePolicy", "updatePolicy", "updatePolicyCallable"]
+            }
+          }
+        }
+      }
+    },
+    "SystemPolicyV1": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "SystemPolicyV1Client",
+          "rpcs": {
+            "GetSystemPolicy": {
+              "methods": ["getSystemPolicy", "getSystemPolicy", "getSystemPolicy", "getSystemPolicyCallable"]
+            }
+          }
+        }
+      }
+    },
+    "ValidationHelperV1": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "ValidationHelperV1Client",
+          "rpcs": {
+            "ValidateAttestationOccurrence": {
+              "methods": ["validateAttestationOccurrence", "validateAttestationOccurrenceCallable"]
+            }
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/package-info.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/package-info.java
new file mode 100644
index 00000000..3c020298
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/package-info.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * A client to Binary Authorization API
+ *
+ * <p>The interfaces provided are listed below, along with usage samples.
+ *
+ * <p>======================= BinauthzManagementServiceV1Client =======================
+ *
+ * <p>Service Description: Google Cloud Management Service for Binary Authorization admission
+ * policies and attestation authorities.
+ *
+ * <p>This API implements a REST model with the following objects:
+ *
+ * <ul>
+ *   <li>[Policy][google.cloud.binaryauthorization.v1.Policy]
+ *   <li>[Attestor][google.cloud.binaryauthorization.v1.Attestor]
+ * </ul>
+ *
+ * <p>Sample for BinauthzManagementServiceV1Client:
+ *
+ * <pre>{@code
+ * try (BinauthzManagementServiceV1Client binauthzManagementServiceV1Client =
+ *     BinauthzManagementServiceV1Client.create()) {
+ *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+ *   Resources.Policy response = binauthzManagementServiceV1Client.getPolicy(name);
+ * }
+ * }</pre>
+ *
+ * <p>======================= SystemPolicyV1Client =======================
+ *
+ * <p>Service Description: API for working with the system policy.
+ *
+ * <p>Sample for SystemPolicyV1Client:
+ *
+ * <pre>{@code
+ * try (SystemPolicyV1Client systemPolicyV1Client = SystemPolicyV1Client.create()) {
+ *   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+ *   Resources.Policy response = systemPolicyV1Client.getSystemPolicy(name);
+ * }
+ * }</pre>
+ *
+ * <p>======================= ValidationHelperV1Client =======================
+ *
+ * <p>Service Description: BinAuthz Attestor verification
+ *
+ * <p>Sample for ValidationHelperV1Client:
+ *
+ * <pre>{@code
+ * try (ValidationHelperV1Client validationHelperV1Client = ValidationHelperV1Client.create()) {
+ *   Service.ValidateAttestationOccurrenceRequest request =
+ *       Service.ValidateAttestationOccurrenceRequest.newBuilder()
+ *           .setAttestor("attestor542920680")
+ *           .setAttestation(AttestationOccurrence.newBuilder().build())
+ *           .setOccurrenceNote("occurrenceNote1722072419")
+ *           .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+ *           .build();
+ *   Service.ValidateAttestationOccurrenceResponse response =
+ *       validationHelperV1Client.validateAttestationOccurrence(request);
+ * }
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import javax.annotation.Generated;
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1Stub.java
new file mode 100644
index 00000000..a5f29095
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1Stub.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import static com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Client.ListAttestorsPagedResponse;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Base stub class for the BinauthzManagementServiceV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public abstract class BinauthzManagementServiceV1Stub implements BackgroundResource {
+
+  public UnaryCallable<Service.GetPolicyRequest, Resources.Policy> getPolicyCallable() {
+    throw new UnsupportedOperationException("Not implemented: getPolicyCallable()");
+  }
+
+  public UnaryCallable<Service.UpdatePolicyRequest, Resources.Policy> updatePolicyCallable() {
+    throw new UnsupportedOperationException("Not implemented: updatePolicyCallable()");
+  }
+
+  public UnaryCallable<Service.CreateAttestorRequest, Resources.Attestor> createAttestorCallable() {
+    throw new UnsupportedOperationException("Not implemented: createAttestorCallable()");
+  }
+
+  public UnaryCallable<Service.GetAttestorRequest, Resources.Attestor> getAttestorCallable() {
+    throw new UnsupportedOperationException("Not implemented: getAttestorCallable()");
+  }
+
+  public UnaryCallable<Service.UpdateAttestorRequest, Resources.Attestor> updateAttestorCallable() {
+    throw new UnsupportedOperationException("Not implemented: updateAttestorCallable()");
+  }
+
+  public UnaryCallable<Service.ListAttestorsRequest, ListAttestorsPagedResponse>
+      listAttestorsPagedCallable() {
+    throw new UnsupportedOperationException("Not implemented: listAttestorsPagedCallable()");
+  }
+
+  public UnaryCallable<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+      listAttestorsCallable() {
+    throw new UnsupportedOperationException("Not implemented: listAttestorsCallable()");
+  }
+
+  public UnaryCallable<Service.DeleteAttestorRequest, Empty> deleteAttestorCallable() {
+    throw new UnsupportedOperationException("Not implemented: deleteAttestorCallable()");
+  }
+
+  @Override
+  public abstract void close();
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1StubSettings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1StubSettings.java
new file mode 100644
index 00000000..e939c961
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/BinauthzManagementServiceV1StubSettings.java
@@ -0,0 +1,524 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import static com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Client.ListAttestorsPagedResponse;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.ApiFuture;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GaxProperties;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.GrpcTransportChannel;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.retrying.RetrySettings;
+import com.google.api.gax.rpc.ApiCallContext;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.PageContext;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.PagedListDescriptor;
+import com.google.api.gax.rpc.PagedListResponseFactory;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.api.gax.rpc.StubSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+import org.threeten.bp.Duration;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link BinauthzManagementServiceV1Stub}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of getPolicy to 30 seconds:
+ *
+ * <pre>{@code
+ * BinauthzManagementServiceV1StubSettings.Builder binauthzManagementServiceV1SettingsBuilder =
+ *     BinauthzManagementServiceV1StubSettings.newBuilder();
+ * binauthzManagementServiceV1SettingsBuilder
+ *     .getPolicySettings()
+ *     .setRetrySettings(
+ *         binauthzManagementServiceV1SettingsBuilder
+ *             .getPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * BinauthzManagementServiceV1StubSettings binauthzManagementServiceV1Settings =
+ *     binauthzManagementServiceV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class BinauthzManagementServiceV1StubSettings
+    extends StubSettings<BinauthzManagementServiceV1StubSettings> {
+  /** The default scopes of the service. */
+  private static final ImmutableList<String> DEFAULT_SERVICE_SCOPES =
+      ImmutableList.<String>builder().add("https://www.googleapis.com/auth/cloud-platform").build();
+
+  private final UnaryCallSettings<Service.GetPolicyRequest, Resources.Policy> getPolicySettings;
+  private final UnaryCallSettings<Service.UpdatePolicyRequest, Resources.Policy>
+      updatePolicySettings;
+  private final UnaryCallSettings<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorSettings;
+  private final UnaryCallSettings<Service.GetAttestorRequest, Resources.Attestor>
+      getAttestorSettings;
+  private final UnaryCallSettings<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorSettings;
+  private final PagedCallSettings<
+          Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+      listAttestorsSettings;
+  private final UnaryCallSettings<Service.DeleteAttestorRequest, Empty> deleteAttestorSettings;
+
+  private static final PagedListDescriptor<
+          Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>
+      LIST_ATTESTORS_PAGE_STR_DESC =
+          new PagedListDescriptor<
+              Service.ListAttestorsRequest, Service.ListAttestorsResponse, Resources.Attestor>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public Service.ListAttestorsRequest injectToken(
+                Service.ListAttestorsRequest payload, String token) {
+              return Service.ListAttestorsRequest.newBuilder(payload).setPageToken(token).build();
+            }
+
+            @Override
+            public Service.ListAttestorsRequest injectPageSize(
+                Service.ListAttestorsRequest payload, int pageSize) {
+              return Service.ListAttestorsRequest.newBuilder(payload).setPageSize(pageSize).build();
+            }
+
+            @Override
+            public Integer extractPageSize(Service.ListAttestorsRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(Service.ListAttestorsResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<Resources.Attestor> extractResources(
+                Service.ListAttestorsResponse payload) {
+              return payload.getAttestorsList() == null
+                  ? ImmutableList.<Resources.Attestor>of()
+                  : payload.getAttestorsList();
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+      LIST_ATTESTORS_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              Service.ListAttestorsRequest,
+              Service.ListAttestorsResponse,
+              ListAttestorsPagedResponse>() {
+            @Override
+            public ApiFuture<ListAttestorsPagedResponse> getFuturePagedResponse(
+                UnaryCallable<Service.ListAttestorsRequest, Service.ListAttestorsResponse> callable,
+                Service.ListAttestorsRequest request,
+                ApiCallContext context,
+                ApiFuture<Service.ListAttestorsResponse> futureResponse) {
+              PageContext<
+                      Service.ListAttestorsRequest,
+                      Service.ListAttestorsResponse,
+                      Resources.Attestor>
+                  pageContext =
+                      PageContext.create(callable, LIST_ATTESTORS_PAGE_STR_DESC, request, context);
+              return ListAttestorsPagedResponse.createAsync(pageContext, futureResponse);
+            }
+          };
+
+  /** Returns the object with the settings used for calls to getPolicy. */
+  public UnaryCallSettings<Service.GetPolicyRequest, Resources.Policy> getPolicySettings() {
+    return getPolicySettings;
+  }
+
+  /** Returns the object with the settings used for calls to updatePolicy. */
+  public UnaryCallSettings<Service.UpdatePolicyRequest, Resources.Policy> updatePolicySettings() {
+    return updatePolicySettings;
+  }
+
+  /** Returns the object with the settings used for calls to createAttestor. */
+  public UnaryCallSettings<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorSettings() {
+    return createAttestorSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getAttestor. */
+  public UnaryCallSettings<Service.GetAttestorRequest, Resources.Attestor> getAttestorSettings() {
+    return getAttestorSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateAttestor. */
+  public UnaryCallSettings<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorSettings() {
+    return updateAttestorSettings;
+  }
+
+  /** Returns the object with the settings used for calls to listAttestors. */
+  public PagedCallSettings<
+          Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+      listAttestorsSettings() {
+    return listAttestorsSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteAttestor. */
+  public UnaryCallSettings<Service.DeleteAttestorRequest, Empty> deleteAttestorSettings() {
+    return deleteAttestorSettings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public BinauthzManagementServiceV1Stub createStub() throws IOException {
+    if (getTransportChannelProvider()
+        .getTransportName()
+        .equals(GrpcTransportChannel.getGrpcTransportName())) {
+      return GrpcBinauthzManagementServiceV1Stub.create(this);
+    }
+    throw new UnsupportedOperationException(
+        String.format(
+            "Transport not supported: %s", getTransportChannelProvider().getTransportName()));
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return InstantiatingExecutorProvider.newBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return "binaryauthorization.googleapis.com:443";
+  }
+
+  /** Returns the default mTLS service endpoint. */
+  public static String getDefaultMtlsEndpoint() {
+    return "binaryauthorization.mtls.googleapis.com:443";
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return DEFAULT_SERVICE_SCOPES;
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return GoogleCredentialsProvider.newBuilder()
+        .setScopesToApply(DEFAULT_SERVICE_SCOPES)
+        .setUseJwtAccessWithScope(true);
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return InstantiatingGrpcChannelProvider.newBuilder()
+        .setMaxInboundMessageSize(Integer.MAX_VALUE);
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return defaultGrpcTransportProviderBuilder().build();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ApiClientHeaderProvider.newBuilder()
+        .setGeneratedLibToken(
+            "gapic", GaxProperties.getLibraryVersion(BinauthzManagementServiceV1StubSettings.class))
+        .setTransportToken(
+            GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion());
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected BinauthzManagementServiceV1StubSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+
+    getPolicySettings = settingsBuilder.getPolicySettings().build();
+    updatePolicySettings = settingsBuilder.updatePolicySettings().build();
+    createAttestorSettings = settingsBuilder.createAttestorSettings().build();
+    getAttestorSettings = settingsBuilder.getAttestorSettings().build();
+    updateAttestorSettings = settingsBuilder.updateAttestorSettings().build();
+    listAttestorsSettings = settingsBuilder.listAttestorsSettings().build();
+    deleteAttestorSettings = settingsBuilder.deleteAttestorSettings().build();
+  }
+
+  /** Builder for BinauthzManagementServiceV1StubSettings. */
+  public static class Builder
+      extends StubSettings.Builder<BinauthzManagementServiceV1StubSettings, Builder> {
+    private final ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders;
+    private final UnaryCallSettings.Builder<Service.GetPolicyRequest, Resources.Policy>
+        getPolicySettings;
+    private final UnaryCallSettings.Builder<Service.UpdatePolicyRequest, Resources.Policy>
+        updatePolicySettings;
+    private final UnaryCallSettings.Builder<Service.CreateAttestorRequest, Resources.Attestor>
+        createAttestorSettings;
+    private final UnaryCallSettings.Builder<Service.GetAttestorRequest, Resources.Attestor>
+        getAttestorSettings;
+    private final UnaryCallSettings.Builder<Service.UpdateAttestorRequest, Resources.Attestor>
+        updateAttestorSettings;
+    private final PagedCallSettings.Builder<
+            Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+        listAttestorsSettings;
+    private final UnaryCallSettings.Builder<Service.DeleteAttestorRequest, Empty>
+        deleteAttestorSettings;
+    private static final ImmutableMap<String, ImmutableSet<StatusCode.Code>>
+        RETRYABLE_CODE_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, ImmutableSet<StatusCode.Code>> definitions =
+          ImmutableMap.builder();
+      definitions.put(
+          "retry_policy_0_codes",
+          ImmutableSet.copyOf(
+              Lists.<StatusCode.Code>newArrayList(
+                  StatusCode.Code.DEADLINE_EXCEEDED, StatusCode.Code.UNAVAILABLE)));
+      definitions.put(
+          "no_retry_1_codes", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
+      RETRYABLE_CODE_DEFINITIONS = definitions.build();
+    }
+
+    private static final ImmutableMap<String, RetrySettings> RETRY_PARAM_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, RetrySettings> definitions = ImmutableMap.builder();
+      RetrySettings settings = null;
+      settings =
+          RetrySettings.newBuilder()
+              .setInitialRetryDelay(Duration.ofMillis(100L))
+              .setRetryDelayMultiplier(1.3)
+              .setMaxRetryDelay(Duration.ofMillis(60000L))
+              .setInitialRpcTimeout(Duration.ofMillis(600000L))
+              .setRpcTimeoutMultiplier(1.0)
+              .setMaxRpcTimeout(Duration.ofMillis(600000L))
+              .setTotalTimeout(Duration.ofMillis(600000L))
+              .build();
+      definitions.put("retry_policy_0_params", settings);
+      settings =
+          RetrySettings.newBuilder()
+              .setInitialRpcTimeout(Duration.ofMillis(600000L))
+              .setRpcTimeoutMultiplier(1.0)
+              .setMaxRpcTimeout(Duration.ofMillis(600000L))
+              .setTotalTimeout(Duration.ofMillis(600000L))
+              .build();
+      definitions.put("no_retry_1_params", settings);
+      RETRY_PARAM_DEFINITIONS = definitions.build();
+    }
+
+    protected Builder() {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(clientContext);
+
+      getPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updatePolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      createAttestorSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      getAttestorSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateAttestorSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listAttestorsSettings = PagedCallSettings.newBuilder(LIST_ATTESTORS_PAGE_STR_FACT);
+      deleteAttestorSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              getPolicySettings,
+              updatePolicySettings,
+              createAttestorSettings,
+              getAttestorSettings,
+              updateAttestorSettings,
+              listAttestorsSettings,
+              deleteAttestorSettings);
+      initDefaults(this);
+    }
+
+    protected Builder(BinauthzManagementServiceV1StubSettings settings) {
+      super(settings);
+
+      getPolicySettings = settings.getPolicySettings.toBuilder();
+      updatePolicySettings = settings.updatePolicySettings.toBuilder();
+      createAttestorSettings = settings.createAttestorSettings.toBuilder();
+      getAttestorSettings = settings.getAttestorSettings.toBuilder();
+      updateAttestorSettings = settings.updateAttestorSettings.toBuilder();
+      listAttestorsSettings = settings.listAttestorsSettings.toBuilder();
+      deleteAttestorSettings = settings.deleteAttestorSettings.toBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              getPolicySettings,
+              updatePolicySettings,
+              createAttestorSettings,
+              getAttestorSettings,
+              updateAttestorSettings,
+              listAttestorsSettings,
+              deleteAttestorSettings);
+    }
+
+    private static Builder createDefault() {
+      Builder builder = new Builder(((ClientContext) null));
+
+      builder.setTransportChannelProvider(defaultTransportChannelProvider());
+      builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build());
+      builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build());
+      builder.setEndpoint(getDefaultEndpoint());
+      builder.setMtlsEndpoint(getDefaultMtlsEndpoint());
+      builder.setSwitchToMtlsEndpointAllowed(true);
+
+      return initDefaults(builder);
+    }
+
+    private static Builder initDefaults(Builder builder) {
+      builder
+          .getPolicySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updatePolicySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .createAttestorSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_1_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_1_params"));
+
+      builder
+          .getAttestorSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateAttestorSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listAttestorsSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .deleteAttestorSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      return builder;
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater);
+      return this;
+    }
+
+    public ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders() {
+      return unaryMethodSettingsBuilders;
+    }
+
+    /** Returns the builder for the settings used for calls to getPolicy. */
+    public UnaryCallSettings.Builder<Service.GetPolicyRequest, Resources.Policy>
+        getPolicySettings() {
+      return getPolicySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updatePolicy. */
+    public UnaryCallSettings.Builder<Service.UpdatePolicyRequest, Resources.Policy>
+        updatePolicySettings() {
+      return updatePolicySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createAttestor. */
+    public UnaryCallSettings.Builder<Service.CreateAttestorRequest, Resources.Attestor>
+        createAttestorSettings() {
+      return createAttestorSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getAttestor. */
+    public UnaryCallSettings.Builder<Service.GetAttestorRequest, Resources.Attestor>
+        getAttestorSettings() {
+      return getAttestorSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateAttestor. */
+    public UnaryCallSettings.Builder<Service.UpdateAttestorRequest, Resources.Attestor>
+        updateAttestorSettings() {
+      return updateAttestorSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listAttestors. */
+    public PagedCallSettings.Builder<
+            Service.ListAttestorsRequest, Service.ListAttestorsResponse, ListAttestorsPagedResponse>
+        listAttestorsSettings() {
+      return listAttestorsSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteAttestor. */
+    public UnaryCallSettings.Builder<Service.DeleteAttestorRequest, Empty>
+        deleteAttestorSettings() {
+      return deleteAttestorSettings;
+    }
+
+    @Override
+    public BinauthzManagementServiceV1StubSettings build() throws IOException {
+      return new BinauthzManagementServiceV1StubSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1CallableFactory.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1CallableFactory.java
new file mode 100644
index 00000000..5fc1fef3
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1CallableFactory.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC callable factory implementation for the BinauthzManagementServiceV1 service API.
+ *
+ * <p>This class is for advanced usage.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcBinauthzManagementServiceV1CallableFactory implements GrpcStubCallableFactory {
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createUnaryCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      UnaryCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, PagedListResponseT>
+      UnaryCallable<RequestT, PagedListResponseT> createPagedCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          PagedCallSettings<RequestT, ResponseT, PagedListResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createBatchingCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      BatchingCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createBatchingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, MetadataT>
+      OperationCallable<RequestT, ResponseT, MetadataT> createOperationCallable(
+          GrpcCallSettings<RequestT, Operation> grpcCallSettings,
+          OperationCallSettings<RequestT, ResponseT, MetadataT> callSettings,
+          ClientContext clientContext,
+          OperationsStub operationsStub) {
+    return GrpcCallableFactory.createOperationCallable(
+        grpcCallSettings, callSettings, clientContext, operationsStub);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      BidiStreamingCallable<RequestT, ResponseT> createBidiStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createBidiStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ServerStreamingCallable<RequestT, ResponseT> createServerStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          ServerStreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createServerStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ClientStreamingCallable<RequestT, ResponseT> createClientStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createClientStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1Stub.java
new file mode 100644
index 00000000..87b697b2
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcBinauthzManagementServiceV1Stub.java
@@ -0,0 +1,369 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import static com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Client.ListAttestorsPagedResponse;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.core.BackgroundResourceAggregation;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.common.collect.ImmutableMap;
+import com.google.longrunning.stub.GrpcOperationsStub;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import io.grpc.MethodDescriptor;
+import io.grpc.protobuf.ProtoUtils;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC stub implementation for the BinauthzManagementServiceV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcBinauthzManagementServiceV1Stub extends BinauthzManagementServiceV1Stub {
+  private static final MethodDescriptor<Service.GetPolicyRequest, Resources.Policy>
+      getPolicyMethodDescriptor =
+          MethodDescriptor.<Service.GetPolicyRequest, Resources.Policy>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetPolicy")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.GetPolicyRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Policy.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.UpdatePolicyRequest, Resources.Policy>
+      updatePolicyMethodDescriptor =
+          MethodDescriptor.<Service.UpdatePolicyRequest, Resources.Policy>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdatePolicy")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.UpdatePolicyRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Policy.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorMethodDescriptor =
+          MethodDescriptor.<Service.CreateAttestorRequest, Resources.Attestor>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/CreateAttestor")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.CreateAttestorRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Attestor.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.GetAttestorRequest, Resources.Attestor>
+      getAttestorMethodDescriptor =
+          MethodDescriptor.<Service.GetAttestorRequest, Resources.Attestor>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/GetAttestor")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.GetAttestorRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Attestor.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorMethodDescriptor =
+          MethodDescriptor.<Service.UpdateAttestorRequest, Resources.Attestor>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/UpdateAttestor")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.UpdateAttestorRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Attestor.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+      listAttestorsMethodDescriptor =
+          MethodDescriptor.<Service.ListAttestorsRequest, Service.ListAttestorsResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/ListAttestors")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.ListAttestorsRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(Service.ListAttestorsResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<Service.DeleteAttestorRequest, Empty>
+      deleteAttestorMethodDescriptor =
+          MethodDescriptor.<Service.DeleteAttestorRequest, Empty>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1/DeleteAttestor")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.DeleteAttestorRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Empty.getDefaultInstance()))
+              .build();
+
+  private final UnaryCallable<Service.GetPolicyRequest, Resources.Policy> getPolicyCallable;
+  private final UnaryCallable<Service.UpdatePolicyRequest, Resources.Policy> updatePolicyCallable;
+  private final UnaryCallable<Service.CreateAttestorRequest, Resources.Attestor>
+      createAttestorCallable;
+  private final UnaryCallable<Service.GetAttestorRequest, Resources.Attestor> getAttestorCallable;
+  private final UnaryCallable<Service.UpdateAttestorRequest, Resources.Attestor>
+      updateAttestorCallable;
+  private final UnaryCallable<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+      listAttestorsCallable;
+  private final UnaryCallable<Service.ListAttestorsRequest, ListAttestorsPagedResponse>
+      listAttestorsPagedCallable;
+  private final UnaryCallable<Service.DeleteAttestorRequest, Empty> deleteAttestorCallable;
+
+  private final BackgroundResource backgroundResources;
+  private final GrpcOperationsStub operationsStub;
+  private final GrpcStubCallableFactory callableFactory;
+
+  public static final GrpcBinauthzManagementServiceV1Stub create(
+      BinauthzManagementServiceV1StubSettings settings) throws IOException {
+    return new GrpcBinauthzManagementServiceV1Stub(settings, ClientContext.create(settings));
+  }
+
+  public static final GrpcBinauthzManagementServiceV1Stub create(ClientContext clientContext)
+      throws IOException {
+    return new GrpcBinauthzManagementServiceV1Stub(
+        BinauthzManagementServiceV1StubSettings.newBuilder().build(), clientContext);
+  }
+
+  public static final GrpcBinauthzManagementServiceV1Stub create(
+      ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException {
+    return new GrpcBinauthzManagementServiceV1Stub(
+        BinauthzManagementServiceV1StubSettings.newBuilder().build(),
+        clientContext,
+        callableFactory);
+  }
+
+  /**
+   * Constructs an instance of GrpcBinauthzManagementServiceV1Stub, using the given settings. This
+   * is protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcBinauthzManagementServiceV1Stub(
+      BinauthzManagementServiceV1StubSettings settings, ClientContext clientContext)
+      throws IOException {
+    this(settings, clientContext, new GrpcBinauthzManagementServiceV1CallableFactory());
+  }
+
+  /**
+   * Constructs an instance of GrpcBinauthzManagementServiceV1Stub, using the given settings. This
+   * is protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcBinauthzManagementServiceV1Stub(
+      BinauthzManagementServiceV1StubSettings settings,
+      ClientContext clientContext,
+      GrpcStubCallableFactory callableFactory)
+      throws IOException {
+    this.callableFactory = callableFactory;
+    this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory);
+
+    GrpcCallSettings<Service.GetPolicyRequest, Resources.Policy> getPolicyTransportSettings =
+        GrpcCallSettings.<Service.GetPolicyRequest, Resources.Policy>newBuilder()
+            .setMethodDescriptor(getPolicyMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                  params.put("name", String.valueOf(request.getName()));
+                  return params.build();
+                })
+            .build();
+    GrpcCallSettings<Service.UpdatePolicyRequest, Resources.Policy> updatePolicyTransportSettings =
+        GrpcCallSettings.<Service.UpdatePolicyRequest, Resources.Policy>newBuilder()
+            .setMethodDescriptor(updatePolicyMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                  params.put("policy.name", String.valueOf(request.getPolicy().getName()));
+                  return params.build();
+                })
+            .build();
+    GrpcCallSettings<Service.CreateAttestorRequest, Resources.Attestor>
+        createAttestorTransportSettings =
+            GrpcCallSettings.<Service.CreateAttestorRequest, Resources.Attestor>newBuilder()
+                .setMethodDescriptor(createAttestorMethodDescriptor)
+                .setParamsExtractor(
+                    request -> {
+                      ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                      params.put("parent", String.valueOf(request.getParent()));
+                      return params.build();
+                    })
+                .build();
+    GrpcCallSettings<Service.GetAttestorRequest, Resources.Attestor> getAttestorTransportSettings =
+        GrpcCallSettings.<Service.GetAttestorRequest, Resources.Attestor>newBuilder()
+            .setMethodDescriptor(getAttestorMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                  params.put("name", String.valueOf(request.getName()));
+                  return params.build();
+                })
+            .build();
+    GrpcCallSettings<Service.UpdateAttestorRequest, Resources.Attestor>
+        updateAttestorTransportSettings =
+            GrpcCallSettings.<Service.UpdateAttestorRequest, Resources.Attestor>newBuilder()
+                .setMethodDescriptor(updateAttestorMethodDescriptor)
+                .setParamsExtractor(
+                    request -> {
+                      ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                      params.put("attestor.name", String.valueOf(request.getAttestor().getName()));
+                      return params.build();
+                    })
+                .build();
+    GrpcCallSettings<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+        listAttestorsTransportSettings =
+            GrpcCallSettings
+                .<Service.ListAttestorsRequest, Service.ListAttestorsResponse>newBuilder()
+                .setMethodDescriptor(listAttestorsMethodDescriptor)
+                .setParamsExtractor(
+                    request -> {
+                      ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                      params.put("parent", String.valueOf(request.getParent()));
+                      return params.build();
+                    })
+                .build();
+    GrpcCallSettings<Service.DeleteAttestorRequest, Empty> deleteAttestorTransportSettings =
+        GrpcCallSettings.<Service.DeleteAttestorRequest, Empty>newBuilder()
+            .setMethodDescriptor(deleteAttestorMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                  params.put("name", String.valueOf(request.getName()));
+                  return params.build();
+                })
+            .build();
+
+    this.getPolicyCallable =
+        callableFactory.createUnaryCallable(
+            getPolicyTransportSettings, settings.getPolicySettings(), clientContext);
+    this.updatePolicyCallable =
+        callableFactory.createUnaryCallable(
+            updatePolicyTransportSettings, settings.updatePolicySettings(), clientContext);
+    this.createAttestorCallable =
+        callableFactory.createUnaryCallable(
+            createAttestorTransportSettings, settings.createAttestorSettings(), clientContext);
+    this.getAttestorCallable =
+        callableFactory.createUnaryCallable(
+            getAttestorTransportSettings, settings.getAttestorSettings(), clientContext);
+    this.updateAttestorCallable =
+        callableFactory.createUnaryCallable(
+            updateAttestorTransportSettings, settings.updateAttestorSettings(), clientContext);
+    this.listAttestorsCallable =
+        callableFactory.createUnaryCallable(
+            listAttestorsTransportSettings, settings.listAttestorsSettings(), clientContext);
+    this.listAttestorsPagedCallable =
+        callableFactory.createPagedCallable(
+            listAttestorsTransportSettings, settings.listAttestorsSettings(), clientContext);
+    this.deleteAttestorCallable =
+        callableFactory.createUnaryCallable(
+            deleteAttestorTransportSettings, settings.deleteAttestorSettings(), clientContext);
+
+    this.backgroundResources =
+        new BackgroundResourceAggregation(clientContext.getBackgroundResources());
+  }
+
+  public GrpcOperationsStub getOperationsStub() {
+    return operationsStub;
+  }
+
+  @Override
+  public UnaryCallable<Service.GetPolicyRequest, Resources.Policy> getPolicyCallable() {
+    return getPolicyCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.UpdatePolicyRequest, Resources.Policy> updatePolicyCallable() {
+    return updatePolicyCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.CreateAttestorRequest, Resources.Attestor> createAttestorCallable() {
+    return createAttestorCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.GetAttestorRequest, Resources.Attestor> getAttestorCallable() {
+    return getAttestorCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.UpdateAttestorRequest, Resources.Attestor> updateAttestorCallable() {
+    return updateAttestorCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.ListAttestorsRequest, Service.ListAttestorsResponse>
+      listAttestorsCallable() {
+    return listAttestorsCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.ListAttestorsRequest, ListAttestorsPagedResponse>
+      listAttestorsPagedCallable() {
+    return listAttestorsPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<Service.DeleteAttestorRequest, Empty> deleteAttestorCallable() {
+    return deleteAttestorCallable;
+  }
+
+  @Override
+  public final void close() {
+    try {
+      backgroundResources.close();
+    } catch (RuntimeException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new IllegalStateException("Failed to close resource", e);
+    }
+  }
+
+  @Override
+  public void shutdown() {
+    backgroundResources.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return backgroundResources.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return backgroundResources.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    backgroundResources.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return backgroundResources.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1CallableFactory.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1CallableFactory.java
new file mode 100644
index 00000000..ee975437
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1CallableFactory.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC callable factory implementation for the SystemPolicyV1 service API.
+ *
+ * <p>This class is for advanced usage.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcSystemPolicyV1CallableFactory implements GrpcStubCallableFactory {
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createUnaryCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      UnaryCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, PagedListResponseT>
+      UnaryCallable<RequestT, PagedListResponseT> createPagedCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          PagedCallSettings<RequestT, ResponseT, PagedListResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createBatchingCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      BatchingCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createBatchingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, MetadataT>
+      OperationCallable<RequestT, ResponseT, MetadataT> createOperationCallable(
+          GrpcCallSettings<RequestT, Operation> grpcCallSettings,
+          OperationCallSettings<RequestT, ResponseT, MetadataT> callSettings,
+          ClientContext clientContext,
+          OperationsStub operationsStub) {
+    return GrpcCallableFactory.createOperationCallable(
+        grpcCallSettings, callSettings, clientContext, operationsStub);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      BidiStreamingCallable<RequestT, ResponseT> createBidiStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createBidiStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ServerStreamingCallable<RequestT, ResponseT> createServerStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          ServerStreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createServerStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ClientStreamingCallable<RequestT, ResponseT> createClientStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createClientStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1Stub.java
new file mode 100644
index 00000000..d804a683
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcSystemPolicyV1Stub.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.core.BackgroundResourceAggregation;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.common.collect.ImmutableMap;
+import com.google.longrunning.stub.GrpcOperationsStub;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import io.grpc.MethodDescriptor;
+import io.grpc.protobuf.ProtoUtils;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC stub implementation for the SystemPolicyV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcSystemPolicyV1Stub extends SystemPolicyV1Stub {
+  private static final MethodDescriptor<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicyMethodDescriptor =
+          MethodDescriptor.<Service.GetSystemPolicyRequest, Resources.Policy>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.SystemPolicyV1/GetSystemPolicy")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(Service.GetSystemPolicyRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Resources.Policy.getDefaultInstance()))
+              .build();
+
+  private final UnaryCallable<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicyCallable;
+
+  private final BackgroundResource backgroundResources;
+  private final GrpcOperationsStub operationsStub;
+  private final GrpcStubCallableFactory callableFactory;
+
+  public static final GrpcSystemPolicyV1Stub create(SystemPolicyV1StubSettings settings)
+      throws IOException {
+    return new GrpcSystemPolicyV1Stub(settings, ClientContext.create(settings));
+  }
+
+  public static final GrpcSystemPolicyV1Stub create(ClientContext clientContext)
+      throws IOException {
+    return new GrpcSystemPolicyV1Stub(
+        SystemPolicyV1StubSettings.newBuilder().build(), clientContext);
+  }
+
+  public static final GrpcSystemPolicyV1Stub create(
+      ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException {
+    return new GrpcSystemPolicyV1Stub(
+        SystemPolicyV1StubSettings.newBuilder().build(), clientContext, callableFactory);
+  }
+
+  /**
+   * Constructs an instance of GrpcSystemPolicyV1Stub, using the given settings. This is protected
+   * so that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected GrpcSystemPolicyV1Stub(SystemPolicyV1StubSettings settings, ClientContext clientContext)
+      throws IOException {
+    this(settings, clientContext, new GrpcSystemPolicyV1CallableFactory());
+  }
+
+  /**
+   * Constructs an instance of GrpcSystemPolicyV1Stub, using the given settings. This is protected
+   * so that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected GrpcSystemPolicyV1Stub(
+      SystemPolicyV1StubSettings settings,
+      ClientContext clientContext,
+      GrpcStubCallableFactory callableFactory)
+      throws IOException {
+    this.callableFactory = callableFactory;
+    this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory);
+
+    GrpcCallSettings<Service.GetSystemPolicyRequest, Resources.Policy>
+        getSystemPolicyTransportSettings =
+            GrpcCallSettings.<Service.GetSystemPolicyRequest, Resources.Policy>newBuilder()
+                .setMethodDescriptor(getSystemPolicyMethodDescriptor)
+                .setParamsExtractor(
+                    request -> {
+                      ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                      params.put("name", String.valueOf(request.getName()));
+                      return params.build();
+                    })
+                .build();
+
+    this.getSystemPolicyCallable =
+        callableFactory.createUnaryCallable(
+            getSystemPolicyTransportSettings, settings.getSystemPolicySettings(), clientContext);
+
+    this.backgroundResources =
+        new BackgroundResourceAggregation(clientContext.getBackgroundResources());
+  }
+
+  public GrpcOperationsStub getOperationsStub() {
+    return operationsStub;
+  }
+
+  @Override
+  public UnaryCallable<Service.GetSystemPolicyRequest, Resources.Policy> getSystemPolicyCallable() {
+    return getSystemPolicyCallable;
+  }
+
+  @Override
+  public final void close() {
+    try {
+      backgroundResources.close();
+    } catch (RuntimeException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new IllegalStateException("Failed to close resource", e);
+    }
+  }
+
+  @Override
+  public void shutdown() {
+    backgroundResources.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return backgroundResources.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return backgroundResources.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    backgroundResources.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return backgroundResources.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1CallableFactory.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1CallableFactory.java
new file mode 100644
index 00000000..097845f4
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1CallableFactory.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC callable factory implementation for the ValidationHelperV1 service API.
+ *
+ * <p>This class is for advanced usage.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcValidationHelperV1CallableFactory implements GrpcStubCallableFactory {
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createUnaryCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      UnaryCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, PagedListResponseT>
+      UnaryCallable<RequestT, PagedListResponseT> createPagedCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          PagedCallSettings<RequestT, ResponseT, PagedListResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createBatchingCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      BatchingCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createBatchingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, MetadataT>
+      OperationCallable<RequestT, ResponseT, MetadataT> createOperationCallable(
+          GrpcCallSettings<RequestT, Operation> grpcCallSettings,
+          OperationCallSettings<RequestT, ResponseT, MetadataT> callSettings,
+          ClientContext clientContext,
+          OperationsStub operationsStub) {
+    return GrpcCallableFactory.createOperationCallable(
+        grpcCallSettings, callSettings, clientContext, operationsStub);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      BidiStreamingCallable<RequestT, ResponseT> createBidiStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createBidiStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ServerStreamingCallable<RequestT, ResponseT> createServerStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          ServerStreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createServerStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ClientStreamingCallable<RequestT, ResponseT> createClientStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createClientStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1Stub.java
new file mode 100644
index 00000000..c990a23b
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/GrpcValidationHelperV1Stub.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.core.BackgroundResourceAggregation;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.common.collect.ImmutableMap;
+import com.google.longrunning.stub.GrpcOperationsStub;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import io.grpc.MethodDescriptor;
+import io.grpc.protobuf.ProtoUtils;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC stub implementation for the ValidationHelperV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcValidationHelperV1Stub extends ValidationHelperV1Stub {
+  private static final MethodDescriptor<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceMethodDescriptor =
+          MethodDescriptor
+              .<Service.ValidateAttestationOccurrenceRequest,
+                  Service.ValidateAttestationOccurrenceResponse>
+                  newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.binaryauthorization.v1.ValidationHelperV1/ValidateAttestationOccurrence")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(
+                      Service.ValidateAttestationOccurrenceRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(
+                      Service.ValidateAttestationOccurrenceResponse.getDefaultInstance()))
+              .build();
+
+  private final UnaryCallable<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceCallable;
+
+  private final BackgroundResource backgroundResources;
+  private final GrpcOperationsStub operationsStub;
+  private final GrpcStubCallableFactory callableFactory;
+
+  public static final GrpcValidationHelperV1Stub create(ValidationHelperV1StubSettings settings)
+      throws IOException {
+    return new GrpcValidationHelperV1Stub(settings, ClientContext.create(settings));
+  }
+
+  public static final GrpcValidationHelperV1Stub create(ClientContext clientContext)
+      throws IOException {
+    return new GrpcValidationHelperV1Stub(
+        ValidationHelperV1StubSettings.newBuilder().build(), clientContext);
+  }
+
+  public static final GrpcValidationHelperV1Stub create(
+      ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException {
+    return new GrpcValidationHelperV1Stub(
+        ValidationHelperV1StubSettings.newBuilder().build(), clientContext, callableFactory);
+  }
+
+  /**
+   * Constructs an instance of GrpcValidationHelperV1Stub, using the given settings. This is
+   * protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcValidationHelperV1Stub(
+      ValidationHelperV1StubSettings settings, ClientContext clientContext) throws IOException {
+    this(settings, clientContext, new GrpcValidationHelperV1CallableFactory());
+  }
+
+  /**
+   * Constructs an instance of GrpcValidationHelperV1Stub, using the given settings. This is
+   * protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcValidationHelperV1Stub(
+      ValidationHelperV1StubSettings settings,
+      ClientContext clientContext,
+      GrpcStubCallableFactory callableFactory)
+      throws IOException {
+    this.callableFactory = callableFactory;
+    this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory);
+
+    GrpcCallSettings<
+            Service.ValidateAttestationOccurrenceRequest,
+            Service.ValidateAttestationOccurrenceResponse>
+        validateAttestationOccurrenceTransportSettings =
+            GrpcCallSettings
+                .<Service.ValidateAttestationOccurrenceRequest,
+                    Service.ValidateAttestationOccurrenceResponse>
+                    newBuilder()
+                .setMethodDescriptor(validateAttestationOccurrenceMethodDescriptor)
+                .setParamsExtractor(
+                    request -> {
+                      ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                      params.put("attestor", String.valueOf(request.getAttestor()));
+                      return params.build();
+                    })
+                .build();
+
+    this.validateAttestationOccurrenceCallable =
+        callableFactory.createUnaryCallable(
+            validateAttestationOccurrenceTransportSettings,
+            settings.validateAttestationOccurrenceSettings(),
+            clientContext);
+
+    this.backgroundResources =
+        new BackgroundResourceAggregation(clientContext.getBackgroundResources());
+  }
+
+  public GrpcOperationsStub getOperationsStub() {
+    return operationsStub;
+  }
+
+  @Override
+  public UnaryCallable<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceCallable() {
+    return validateAttestationOccurrenceCallable;
+  }
+
+  @Override
+  public final void close() {
+    try {
+      backgroundResources.close();
+    } catch (RuntimeException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new IllegalStateException("Failed to close resource", e);
+    }
+  }
+
+  @Override
+  public void shutdown() {
+    backgroundResources.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return backgroundResources.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return backgroundResources.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    backgroundResources.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return backgroundResources.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1Stub.java
new file mode 100644
index 00000000..9d52db96
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1Stub.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Base stub class for the SystemPolicyV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public abstract class SystemPolicyV1Stub implements BackgroundResource {
+
+  public UnaryCallable<Service.GetSystemPolicyRequest, Resources.Policy> getSystemPolicyCallable() {
+    throw new UnsupportedOperationException("Not implemented: getSystemPolicyCallable()");
+  }
+
+  @Override
+  public abstract void close();
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1StubSettings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1StubSettings.java
new file mode 100644
index 00000000..81a0de06
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/SystemPolicyV1StubSettings.java
@@ -0,0 +1,267 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GaxProperties;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.GrpcTransportChannel;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.retrying.RetrySettings;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.api.gax.rpc.StubSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import com.google.protos.google.cloud.binaryauthorization.v1.Resources;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link SystemPolicyV1Stub}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of getSystemPolicy to 30 seconds:
+ *
+ * <pre>{@code
+ * SystemPolicyV1StubSettings.Builder systemPolicyV1SettingsBuilder =
+ *     SystemPolicyV1StubSettings.newBuilder();
+ * systemPolicyV1SettingsBuilder
+ *     .getSystemPolicySettings()
+ *     .setRetrySettings(
+ *         systemPolicyV1SettingsBuilder
+ *             .getSystemPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * SystemPolicyV1StubSettings systemPolicyV1Settings = systemPolicyV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class SystemPolicyV1StubSettings extends StubSettings<SystemPolicyV1StubSettings> {
+  /** The default scopes of the service. */
+  private static final ImmutableList<String> DEFAULT_SERVICE_SCOPES =
+      ImmutableList.<String>builder().add("https://www.googleapis.com/auth/cloud-platform").build();
+
+  private final UnaryCallSettings<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicySettings;
+
+  /** Returns the object with the settings used for calls to getSystemPolicy. */
+  public UnaryCallSettings<Service.GetSystemPolicyRequest, Resources.Policy>
+      getSystemPolicySettings() {
+    return getSystemPolicySettings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public SystemPolicyV1Stub createStub() throws IOException {
+    if (getTransportChannelProvider()
+        .getTransportName()
+        .equals(GrpcTransportChannel.getGrpcTransportName())) {
+      return GrpcSystemPolicyV1Stub.create(this);
+    }
+    throw new UnsupportedOperationException(
+        String.format(
+            "Transport not supported: %s", getTransportChannelProvider().getTransportName()));
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return InstantiatingExecutorProvider.newBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return "binaryauthorization.googleapis.com:443";
+  }
+
+  /** Returns the default mTLS service endpoint. */
+  public static String getDefaultMtlsEndpoint() {
+    return "binaryauthorization.mtls.googleapis.com:443";
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return DEFAULT_SERVICE_SCOPES;
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return GoogleCredentialsProvider.newBuilder()
+        .setScopesToApply(DEFAULT_SERVICE_SCOPES)
+        .setUseJwtAccessWithScope(true);
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return InstantiatingGrpcChannelProvider.newBuilder()
+        .setMaxInboundMessageSize(Integer.MAX_VALUE);
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return defaultGrpcTransportProviderBuilder().build();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ApiClientHeaderProvider.newBuilder()
+        .setGeneratedLibToken(
+            "gapic", GaxProperties.getLibraryVersion(SystemPolicyV1StubSettings.class))
+        .setTransportToken(
+            GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion());
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected SystemPolicyV1StubSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+
+    getSystemPolicySettings = settingsBuilder.getSystemPolicySettings().build();
+  }
+
+  /** Builder for SystemPolicyV1StubSettings. */
+  public static class Builder extends StubSettings.Builder<SystemPolicyV1StubSettings, Builder> {
+    private final ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders;
+    private final UnaryCallSettings.Builder<Service.GetSystemPolicyRequest, Resources.Policy>
+        getSystemPolicySettings;
+    private static final ImmutableMap<String, ImmutableSet<StatusCode.Code>>
+        RETRYABLE_CODE_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, ImmutableSet<StatusCode.Code>> definitions =
+          ImmutableMap.builder();
+      definitions.put("no_retry_codes", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
+      RETRYABLE_CODE_DEFINITIONS = definitions.build();
+    }
+
+    private static final ImmutableMap<String, RetrySettings> RETRY_PARAM_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, RetrySettings> definitions = ImmutableMap.builder();
+      RetrySettings settings = null;
+      settings = RetrySettings.newBuilder().setRpcTimeoutMultiplier(1.0).build();
+      definitions.put("no_retry_params", settings);
+      RETRY_PARAM_DEFINITIONS = definitions.build();
+    }
+
+    protected Builder() {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(clientContext);
+
+      getSystemPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(getSystemPolicySettings);
+      initDefaults(this);
+    }
+
+    protected Builder(SystemPolicyV1StubSettings settings) {
+      super(settings);
+
+      getSystemPolicySettings = settings.getSystemPolicySettings.toBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(getSystemPolicySettings);
+    }
+
+    private static Builder createDefault() {
+      Builder builder = new Builder(((ClientContext) null));
+
+      builder.setTransportChannelProvider(defaultTransportChannelProvider());
+      builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build());
+      builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build());
+      builder.setEndpoint(getDefaultEndpoint());
+      builder.setMtlsEndpoint(getDefaultMtlsEndpoint());
+      builder.setSwitchToMtlsEndpointAllowed(true);
+
+      return initDefaults(builder);
+    }
+
+    private static Builder initDefaults(Builder builder) {
+      builder
+          .getSystemPolicySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_params"));
+
+      return builder;
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater);
+      return this;
+    }
+
+    public ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders() {
+      return unaryMethodSettingsBuilders;
+    }
+
+    /** Returns the builder for the settings used for calls to getSystemPolicy. */
+    public UnaryCallSettings.Builder<Service.GetSystemPolicyRequest, Resources.Policy>
+        getSystemPolicySettings() {
+      return getSystemPolicySettings;
+    }
+
+    @Override
+    public SystemPolicyV1StubSettings build() throws IOException {
+      return new SystemPolicyV1StubSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1Stub.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1Stub.java
new file mode 100644
index 00000000..af7b3e0a
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1Stub.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Base stub class for the ValidationHelperV1 service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public abstract class ValidationHelperV1Stub implements BackgroundResource {
+
+  public UnaryCallable<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: validateAttestationOccurrenceCallable()");
+  }
+
+  @Override
+  public abstract void close();
+}
diff --git a/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1StubSettings.java b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1StubSettings.java
new file mode 100644
index 00000000..1e45f510
--- /dev/null
+++ b/google-cloud-binary-authorization/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/stub/ValidationHelperV1StubSettings.java
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1.stub;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GaxProperties;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.GrpcTransportChannel;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.retrying.RetrySettings;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.api.gax.rpc.StubSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import com.google.protos.google.cloud.binaryauthorization.v1.Service;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link ValidationHelperV1Stub}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (binaryauthorization.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of validateAttestationOccurrence to 30 seconds:
+ *
+ * <pre>{@code
+ * ValidationHelperV1StubSettings.Builder validationHelperV1SettingsBuilder =
+ *     ValidationHelperV1StubSettings.newBuilder();
+ * validationHelperV1SettingsBuilder
+ *     .validateAttestationOccurrenceSettings()
+ *     .setRetrySettings(
+ *         validationHelperV1SettingsBuilder
+ *             .validateAttestationOccurrenceSettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * ValidationHelperV1StubSettings validationHelperV1Settings =
+ *     validationHelperV1SettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class ValidationHelperV1StubSettings extends StubSettings<ValidationHelperV1StubSettings> {
+  /** The default scopes of the service. */
+  private static final ImmutableList<String> DEFAULT_SERVICE_SCOPES =
+      ImmutableList.<String>builder().add("https://www.googleapis.com/auth/cloud-platform").build();
+
+  private final UnaryCallSettings<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceSettings;
+
+  /** Returns the object with the settings used for calls to validateAttestationOccurrence. */
+  public UnaryCallSettings<
+          Service.ValidateAttestationOccurrenceRequest,
+          Service.ValidateAttestationOccurrenceResponse>
+      validateAttestationOccurrenceSettings() {
+    return validateAttestationOccurrenceSettings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public ValidationHelperV1Stub createStub() throws IOException {
+    if (getTransportChannelProvider()
+        .getTransportName()
+        .equals(GrpcTransportChannel.getGrpcTransportName())) {
+      return GrpcValidationHelperV1Stub.create(this);
+    }
+    throw new UnsupportedOperationException(
+        String.format(
+            "Transport not supported: %s", getTransportChannelProvider().getTransportName()));
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return InstantiatingExecutorProvider.newBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return "binaryauthorization.googleapis.com:443";
+  }
+
+  /** Returns the default mTLS service endpoint. */
+  public static String getDefaultMtlsEndpoint() {
+    return "binaryauthorization.mtls.googleapis.com:443";
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return DEFAULT_SERVICE_SCOPES;
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return GoogleCredentialsProvider.newBuilder()
+        .setScopesToApply(DEFAULT_SERVICE_SCOPES)
+        .setUseJwtAccessWithScope(true);
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return InstantiatingGrpcChannelProvider.newBuilder()
+        .setMaxInboundMessageSize(Integer.MAX_VALUE);
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return defaultGrpcTransportProviderBuilder().build();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ApiClientHeaderProvider.newBuilder()
+        .setGeneratedLibToken(
+            "gapic", GaxProperties.getLibraryVersion(ValidationHelperV1StubSettings.class))
+        .setTransportToken(
+            GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion());
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected ValidationHelperV1StubSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+
+    validateAttestationOccurrenceSettings =
+        settingsBuilder.validateAttestationOccurrenceSettings().build();
+  }
+
+  /** Builder for ValidationHelperV1StubSettings. */
+  public static class Builder
+      extends StubSettings.Builder<ValidationHelperV1StubSettings, Builder> {
+    private final ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders;
+    private final UnaryCallSettings.Builder<
+            Service.ValidateAttestationOccurrenceRequest,
+            Service.ValidateAttestationOccurrenceResponse>
+        validateAttestationOccurrenceSettings;
+    private static final ImmutableMap<String, ImmutableSet<StatusCode.Code>>
+        RETRYABLE_CODE_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, ImmutableSet<StatusCode.Code>> definitions =
+          ImmutableMap.builder();
+      definitions.put("no_retry_codes", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
+      RETRYABLE_CODE_DEFINITIONS = definitions.build();
+    }
+
+    private static final ImmutableMap<String, RetrySettings> RETRY_PARAM_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, RetrySettings> definitions = ImmutableMap.builder();
+      RetrySettings settings = null;
+      settings = RetrySettings.newBuilder().setRpcTimeoutMultiplier(1.0).build();
+      definitions.put("no_retry_params", settings);
+      RETRY_PARAM_DEFINITIONS = definitions.build();
+    }
+
+    protected Builder() {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(clientContext);
+
+      validateAttestationOccurrenceSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(validateAttestationOccurrenceSettings);
+      initDefaults(this);
+    }
+
+    protected Builder(ValidationHelperV1StubSettings settings) {
+      super(settings);
+
+      validateAttestationOccurrenceSettings =
+          settings.validateAttestationOccurrenceSettings.toBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(validateAttestationOccurrenceSettings);
+    }
+
+    private static Builder createDefault() {
+      Builder builder = new Builder(((ClientContext) null));
+
+      builder.setTransportChannelProvider(defaultTransportChannelProvider());
+      builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build());
+      builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build());
+      builder.setEndpoint(getDefaultEndpoint());
+      builder.setMtlsEndpoint(getDefaultMtlsEndpoint());
+      builder.setSwitchToMtlsEndpointAllowed(true);
+
+      return initDefaults(builder);
+    }
+
+    private static Builder initDefaults(Builder builder) {
+      builder
+          .validateAttestationOccurrenceSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("no_retry_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("no_retry_params"));
+
+      return builder;
+    }
+
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) {
+      super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater);
+      return this;
+    }
+
+    public ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders() {
+      return unaryMethodSettingsBuilders;
+    }
+
+    /** Returns the builder for the settings used for calls to validateAttestationOccurrence. */
+    public UnaryCallSettings.Builder<
+            Service.ValidateAttestationOccurrenceRequest,
+            Service.ValidateAttestationOccurrenceResponse>
+        validateAttestationOccurrenceSettings() {
+      return validateAttestationOccurrenceSettings;
+    }
+
+    @Override
+    public ValidationHelperV1StubSettings build() throws IOException {
+      return new ValidationHelperV1StubSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1ClientTest.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1ClientTest.java
new file mode 100644
index 00000000..f796cf02
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1ClientTest.java
@@ -0,0 +1,605 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import static com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Client.ListAttestorsPagedResponse;
+
+import com.google.api.gax.core.NoCredentialsProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.api.gax.grpc.testing.MockServiceHelper;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.InvalidArgumentException;
+import com.google.common.collect.Lists;
+import com.google.protobuf.AbstractMessage;
+import com.google.protobuf.Empty;
+import com.google.protobuf.Timestamp;
+import io.grpc.StatusRuntimeException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.UUID;
+import javax.annotation.Generated;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@Generated("by gapic-generator-java")
+public class BinauthzManagementServiceV1ClientTest {
+  private static MockBinauthzManagementServiceV1 mockBinauthzManagementServiceV1;
+  private static MockServiceHelper mockServiceHelper;
+  private LocalChannelProvider channelProvider;
+  private BinauthzManagementServiceV1Client client;
+
+  @BeforeClass
+  public static void startStaticServer() {
+    mockBinauthzManagementServiceV1 = new MockBinauthzManagementServiceV1();
+    mockServiceHelper =
+        new MockServiceHelper(
+            UUID.randomUUID().toString(),
+            Arrays.<MockGrpcService>asList(mockBinauthzManagementServiceV1));
+    mockServiceHelper.start();
+  }
+
+  @AfterClass
+  public static void stopServer() {
+    mockServiceHelper.stop();
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    mockServiceHelper.reset();
+    channelProvider = mockServiceHelper.createChannelProvider();
+    BinauthzManagementServiceV1Settings settings =
+        BinauthzManagementServiceV1Settings.newBuilder()
+            .setTransportChannelProvider(channelProvider)
+            .setCredentialsProvider(NoCredentialsProvider.create())
+            .build();
+    client = BinauthzManagementServiceV1Client.create(settings);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    client.close();
+  }
+
+  @Test
+  public void getPolicyTest() throws Exception {
+    Resources.Policy expectedResponse =
+        Resources.Policy.newBuilder()
+            .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+            .setDescription("description-1724546052")
+            .addAllAdmissionWhitelistPatterns(new ArrayList<Resources.AdmissionWhitelistPattern>())
+            .putAllClusterAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesNamespaceAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesServiceAccountAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .putAllIstioServiceIdentityAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .setDefaultAdmissionRule(Resources.AdmissionRule.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+
+    Resources.Policy actualResponse = client.getPolicy(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetPolicyRequest actualRequest = ((Service.GetPolicyRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getPolicyExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+      client.getPolicy(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getPolicyTest2() throws Exception {
+    Resources.Policy expectedResponse =
+        Resources.Policy.newBuilder()
+            .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+            .setDescription("description-1724546052")
+            .addAllAdmissionWhitelistPatterns(new ArrayList<Resources.AdmissionWhitelistPattern>())
+            .putAllClusterAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesNamespaceAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesServiceAccountAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .putAllIstioServiceIdentityAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .setDefaultAdmissionRule(Resources.AdmissionRule.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    Resources.Policy actualResponse = client.getPolicy(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetPolicyRequest actualRequest = ((Service.GetPolicyRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getPolicyExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getPolicy(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void updatePolicyTest() throws Exception {
+    Resources.Policy expectedResponse =
+        Resources.Policy.newBuilder()
+            .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+            .setDescription("description-1724546052")
+            .addAllAdmissionWhitelistPatterns(new ArrayList<Resources.AdmissionWhitelistPattern>())
+            .putAllClusterAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesNamespaceAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesServiceAccountAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .putAllIstioServiceIdentityAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .setDefaultAdmissionRule(Resources.AdmissionRule.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    Resources.Policy policy = Resources.Policy.newBuilder().build();
+
+    Resources.Policy actualResponse = client.updatePolicy(policy);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.UpdatePolicyRequest actualRequest =
+        ((Service.UpdatePolicyRequest) actualRequests.get(0));
+
+    Assert.assertEquals(policy, actualRequest.getPolicy());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updatePolicyExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      Resources.Policy policy = Resources.Policy.newBuilder().build();
+      client.updatePolicy(policy);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void createAttestorTest() throws Exception {
+    Resources.Attestor expectedResponse =
+        Resources.Attestor.newBuilder()
+            .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+            .setDescription("description-1724546052")
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    ProjectName parent = ProjectName.of("[PROJECT]");
+    String attestorId = "attestorId2055733027";
+    Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+
+    Resources.Attestor actualResponse = client.createAttestor(parent, attestorId, attestor);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.CreateAttestorRequest actualRequest =
+        ((Service.CreateAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertEquals(attestorId, actualRequest.getAttestorId());
+    Assert.assertEquals(attestor, actualRequest.getAttestor());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createAttestorExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      ProjectName parent = ProjectName.of("[PROJECT]");
+      String attestorId = "attestorId2055733027";
+      Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+      client.createAttestor(parent, attestorId, attestor);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void createAttestorTest2() throws Exception {
+    Resources.Attestor expectedResponse =
+        Resources.Attestor.newBuilder()
+            .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+            .setDescription("description-1724546052")
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+    String attestorId = "attestorId2055733027";
+    Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+
+    Resources.Attestor actualResponse = client.createAttestor(parent, attestorId, attestor);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.CreateAttestorRequest actualRequest =
+        ((Service.CreateAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertEquals(attestorId, actualRequest.getAttestorId());
+    Assert.assertEquals(attestor, actualRequest.getAttestor());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createAttestorExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      String attestorId = "attestorId2055733027";
+      Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+      client.createAttestor(parent, attestorId, attestor);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getAttestorTest() throws Exception {
+    Resources.Attestor expectedResponse =
+        Resources.Attestor.newBuilder()
+            .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+            .setDescription("description-1724546052")
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+
+    Resources.Attestor actualResponse = client.getAttestor(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetAttestorRequest actualRequest = ((Service.GetAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getAttestorExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+      client.getAttestor(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getAttestorTest2() throws Exception {
+    Resources.Attestor expectedResponse =
+        Resources.Attestor.newBuilder()
+            .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+            .setDescription("description-1724546052")
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    Resources.Attestor actualResponse = client.getAttestor(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetAttestorRequest actualRequest = ((Service.GetAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getAttestorExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getAttestor(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void updateAttestorTest() throws Exception {
+    Resources.Attestor expectedResponse =
+        Resources.Attestor.newBuilder()
+            .setName(AttestorName.of("[PROJECT]", "[ATTESTOR]").toString())
+            .setDescription("description-1724546052")
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+
+    Resources.Attestor actualResponse = client.updateAttestor(attestor);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.UpdateAttestorRequest actualRequest =
+        ((Service.UpdateAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(attestor, actualRequest.getAttestor());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateAttestorExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      Resources.Attestor attestor = Resources.Attestor.newBuilder().build();
+      client.updateAttestor(attestor);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listAttestorsTest() throws Exception {
+    Resources.Attestor responsesElement = Resources.Attestor.newBuilder().build();
+    Service.ListAttestorsResponse expectedResponse =
+        Service.ListAttestorsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllAttestors(Arrays.asList(responsesElement))
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    ProjectName parent = ProjectName.of("[PROJECT]");
+
+    ListAttestorsPagedResponse pagedListResponse = client.listAttestors(parent);
+
+    List<Resources.Attestor> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getAttestorsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.ListAttestorsRequest actualRequest =
+        ((Service.ListAttestorsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listAttestorsExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      ProjectName parent = ProjectName.of("[PROJECT]");
+      client.listAttestors(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listAttestorsTest2() throws Exception {
+    Resources.Attestor responsesElement = Resources.Attestor.newBuilder().build();
+    Service.ListAttestorsResponse expectedResponse =
+        Service.ListAttestorsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllAttestors(Arrays.asList(responsesElement))
+            .build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListAttestorsPagedResponse pagedListResponse = client.listAttestors(parent);
+
+    List<Resources.Attestor> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getAttestorsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.ListAttestorsRequest actualRequest =
+        ((Service.ListAttestorsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listAttestorsExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listAttestors(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void deleteAttestorTest() throws Exception {
+    Empty expectedResponse = Empty.newBuilder().build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+
+    client.deleteAttestor(name);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.DeleteAttestorRequest actualRequest =
+        ((Service.DeleteAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteAttestorExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      AttestorName name = AttestorName.of("[PROJECT]", "[ATTESTOR]");
+      client.deleteAttestor(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void deleteAttestorTest2() throws Exception {
+    Empty expectedResponse = Empty.newBuilder().build();
+    mockBinauthzManagementServiceV1.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    client.deleteAttestor(name);
+
+    List<AbstractMessage> actualRequests = mockBinauthzManagementServiceV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.DeleteAttestorRequest actualRequest =
+        ((Service.DeleteAttestorRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteAttestorExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockBinauthzManagementServiceV1.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.deleteAttestor(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1.java
new file mode 100644
index 00000000..441abf2e
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.protobuf.AbstractMessage;
+import io.grpc.ServerServiceDefinition;
+import java.util.List;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockBinauthzManagementServiceV1 implements MockGrpcService {
+  private final MockBinauthzManagementServiceV1Impl serviceImpl;
+
+  public MockBinauthzManagementServiceV1() {
+    serviceImpl = new MockBinauthzManagementServiceV1Impl();
+  }
+
+  @Override
+  public List<AbstractMessage> getRequests() {
+    return serviceImpl.getRequests();
+  }
+
+  @Override
+  public void addResponse(AbstractMessage response) {
+    serviceImpl.addResponse(response);
+  }
+
+  @Override
+  public void addException(Exception exception) {
+    serviceImpl.addException(exception);
+  }
+
+  @Override
+  public ServerServiceDefinition getServiceDefinition() {
+    return serviceImpl.bindService();
+  }
+
+  @Override
+  public void reset() {
+    serviceImpl.reset();
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1Impl.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1Impl.java
new file mode 100644
index 00000000..43c5cbd3
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockBinauthzManagementServiceV1Impl.java
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.protobuf.AbstractMessage;
+import com.google.protobuf.Empty;
+import com.google.protos.google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1Grpc.BinauthzManagementServiceV1ImplBase;
+import io.grpc.stub.StreamObserver;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockBinauthzManagementServiceV1Impl extends BinauthzManagementServiceV1ImplBase {
+  private List<AbstractMessage> requests;
+  private Queue<Object> responses;
+
+  public MockBinauthzManagementServiceV1Impl() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  public List<AbstractMessage> getRequests() {
+    return requests;
+  }
+
+  public void addResponse(AbstractMessage response) {
+    responses.add(response);
+  }
+
+  public void setResponses(List<AbstractMessage> responses) {
+    this.responses = new LinkedList<Object>(responses);
+  }
+
+  public void addException(Exception exception) {
+    responses.add(exception);
+  }
+
+  public void reset() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  @Override
+  public void getPolicy(
+      Service.GetPolicyRequest request, StreamObserver<Resources.Policy> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Policy) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Policy) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetPolicy, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Policy.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updatePolicy(
+      Service.UpdatePolicyRequest request, StreamObserver<Resources.Policy> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Policy) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Policy) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdatePolicy, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Policy.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void createAttestor(
+      Service.CreateAttestorRequest request, StreamObserver<Resources.Attestor> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Attestor) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Attestor) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method CreateAttestor, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Attestor.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getAttestor(
+      Service.GetAttestorRequest request, StreamObserver<Resources.Attestor> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Attestor) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Attestor) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetAttestor, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Attestor.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateAttestor(
+      Service.UpdateAttestorRequest request, StreamObserver<Resources.Attestor> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Attestor) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Attestor) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateAttestor, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Attestor.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listAttestors(
+      Service.ListAttestorsRequest request,
+      StreamObserver<Service.ListAttestorsResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Service.ListAttestorsResponse) {
+      requests.add(request);
+      responseObserver.onNext(((Service.ListAttestorsResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListAttestors, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Service.ListAttestorsResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void deleteAttestor(
+      Service.DeleteAttestorRequest request, StreamObserver<Empty> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Empty) {
+      requests.add(request);
+      responseObserver.onNext(((Empty) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method DeleteAttestor, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Empty.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1.java
new file mode 100644
index 00000000..eca15998
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.protobuf.AbstractMessage;
+import io.grpc.ServerServiceDefinition;
+import java.util.List;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockSystemPolicyV1 implements MockGrpcService {
+  private final MockSystemPolicyV1Impl serviceImpl;
+
+  public MockSystemPolicyV1() {
+    serviceImpl = new MockSystemPolicyV1Impl();
+  }
+
+  @Override
+  public List<AbstractMessage> getRequests() {
+    return serviceImpl.getRequests();
+  }
+
+  @Override
+  public void addResponse(AbstractMessage response) {
+    serviceImpl.addResponse(response);
+  }
+
+  @Override
+  public void addException(Exception exception) {
+    serviceImpl.addException(exception);
+  }
+
+  @Override
+  public ServerServiceDefinition getServiceDefinition() {
+    return serviceImpl.bindService();
+  }
+
+  @Override
+  public void reset() {
+    serviceImpl.reset();
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1Impl.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1Impl.java
new file mode 100644
index 00000000..b329f628
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockSystemPolicyV1Impl.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.protobuf.AbstractMessage;
+import com.google.protos.google.cloud.binaryauthorization.v1.SystemPolicyV1Grpc.SystemPolicyV1ImplBase;
+import io.grpc.stub.StreamObserver;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockSystemPolicyV1Impl extends SystemPolicyV1ImplBase {
+  private List<AbstractMessage> requests;
+  private Queue<Object> responses;
+
+  public MockSystemPolicyV1Impl() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  public List<AbstractMessage> getRequests() {
+    return requests;
+  }
+
+  public void addResponse(AbstractMessage response) {
+    responses.add(response);
+  }
+
+  public void setResponses(List<AbstractMessage> responses) {
+    this.responses = new LinkedList<Object>(responses);
+  }
+
+  public void addException(Exception exception) {
+    responses.add(exception);
+  }
+
+  public void reset() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  @Override
+  public void getSystemPolicy(
+      Service.GetSystemPolicyRequest request, StreamObserver<Resources.Policy> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Resources.Policy) {
+      requests.add(request);
+      responseObserver.onNext(((Resources.Policy) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetSystemPolicy, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Resources.Policy.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1.java
new file mode 100644
index 00000000..4c056166
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.protobuf.AbstractMessage;
+import io.grpc.ServerServiceDefinition;
+import java.util.List;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockValidationHelperV1 implements MockGrpcService {
+  private final MockValidationHelperV1Impl serviceImpl;
+
+  public MockValidationHelperV1() {
+    serviceImpl = new MockValidationHelperV1Impl();
+  }
+
+  @Override
+  public List<AbstractMessage> getRequests() {
+    return serviceImpl.getRequests();
+  }
+
+  @Override
+  public void addResponse(AbstractMessage response) {
+    serviceImpl.addResponse(response);
+  }
+
+  @Override
+  public void addException(Exception exception) {
+    serviceImpl.addException(exception);
+  }
+
+  @Override
+  public ServerServiceDefinition getServiceDefinition() {
+    return serviceImpl.bindService();
+  }
+
+  @Override
+  public void reset() {
+    serviceImpl.reset();
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1Impl.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1Impl.java
new file mode 100644
index 00000000..31550b6b
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/MockValidationHelperV1Impl.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.protobuf.AbstractMessage;
+import com.google.protos.google.cloud.binaryauthorization.v1.ValidationHelperV1Grpc.ValidationHelperV1ImplBase;
+import io.grpc.stub.StreamObserver;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockValidationHelperV1Impl extends ValidationHelperV1ImplBase {
+  private List<AbstractMessage> requests;
+  private Queue<Object> responses;
+
+  public MockValidationHelperV1Impl() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  public List<AbstractMessage> getRequests() {
+    return requests;
+  }
+
+  public void addResponse(AbstractMessage response) {
+    responses.add(response);
+  }
+
+  public void setResponses(List<AbstractMessage> responses) {
+    this.responses = new LinkedList<Object>(responses);
+  }
+
+  public void addException(Exception exception) {
+    responses.add(exception);
+  }
+
+  public void reset() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  @Override
+  public void validateAttestationOccurrence(
+      Service.ValidateAttestationOccurrenceRequest request,
+      StreamObserver<Service.ValidateAttestationOccurrenceResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Service.ValidateAttestationOccurrenceResponse) {
+      requests.add(request);
+      responseObserver.onNext(((Service.ValidateAttestationOccurrenceResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ValidateAttestationOccurrence, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Service.ValidateAttestationOccurrenceResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1ClientTest.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1ClientTest.java
new file mode 100644
index 00000000..dc4ccef1
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1ClientTest.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.gax.core.NoCredentialsProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.api.gax.grpc.testing.MockServiceHelper;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.InvalidArgumentException;
+import com.google.protobuf.AbstractMessage;
+import com.google.protobuf.Timestamp;
+import io.grpc.StatusRuntimeException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.UUID;
+import javax.annotation.Generated;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@Generated("by gapic-generator-java")
+public class SystemPolicyV1ClientTest {
+  private static MockServiceHelper mockServiceHelper;
+  private static MockSystemPolicyV1 mockSystemPolicyV1;
+  private LocalChannelProvider channelProvider;
+  private SystemPolicyV1Client client;
+
+  @BeforeClass
+  public static void startStaticServer() {
+    mockSystemPolicyV1 = new MockSystemPolicyV1();
+    mockServiceHelper =
+        new MockServiceHelper(
+            UUID.randomUUID().toString(), Arrays.<MockGrpcService>asList(mockSystemPolicyV1));
+    mockServiceHelper.start();
+  }
+
+  @AfterClass
+  public static void stopServer() {
+    mockServiceHelper.stop();
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    mockServiceHelper.reset();
+    channelProvider = mockServiceHelper.createChannelProvider();
+    SystemPolicyV1Settings settings =
+        SystemPolicyV1Settings.newBuilder()
+            .setTransportChannelProvider(channelProvider)
+            .setCredentialsProvider(NoCredentialsProvider.create())
+            .build();
+    client = SystemPolicyV1Client.create(settings);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    client.close();
+  }
+
+  @Test
+  public void getSystemPolicyTest() throws Exception {
+    Resources.Policy expectedResponse =
+        Resources.Policy.newBuilder()
+            .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+            .setDescription("description-1724546052")
+            .addAllAdmissionWhitelistPatterns(new ArrayList<Resources.AdmissionWhitelistPattern>())
+            .putAllClusterAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesNamespaceAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesServiceAccountAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .putAllIstioServiceIdentityAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .setDefaultAdmissionRule(Resources.AdmissionRule.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockSystemPolicyV1.addResponse(expectedResponse);
+
+    PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+
+    Resources.Policy actualResponse = client.getSystemPolicy(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockSystemPolicyV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetSystemPolicyRequest actualRequest =
+        ((Service.GetSystemPolicyRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getSystemPolicyExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockSystemPolicyV1.addException(exception);
+
+    try {
+      PolicyName name = PolicyName.ofProjectName("[PROJECT]");
+      client.getSystemPolicy(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getSystemPolicyTest2() throws Exception {
+    Resources.Policy expectedResponse =
+        Resources.Policy.newBuilder()
+            .setName(PolicyName.ofProjectName("[PROJECT]").toString())
+            .setDescription("description-1724546052")
+            .addAllAdmissionWhitelistPatterns(new ArrayList<Resources.AdmissionWhitelistPattern>())
+            .putAllClusterAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesNamespaceAdmissionRules(new HashMap<String, Resources.AdmissionRule>())
+            .putAllKubernetesServiceAccountAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .putAllIstioServiceIdentityAdmissionRules(
+                new HashMap<String, Resources.AdmissionRule>())
+            .setDefaultAdmissionRule(Resources.AdmissionRule.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .build();
+    mockSystemPolicyV1.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    Resources.Policy actualResponse = client.getSystemPolicy(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockSystemPolicyV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.GetSystemPolicyRequest actualRequest =
+        ((Service.GetSystemPolicyRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getSystemPolicyExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockSystemPolicyV1.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getSystemPolicy(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+}
diff --git a/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1ClientTest.java b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1ClientTest.java
new file mode 100644
index 00000000..1b06c6fa
--- /dev/null
+++ b/google-cloud-binary-authorization/src/test/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1ClientTest.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.gax.core.NoCredentialsProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.api.gax.grpc.testing.MockServiceHelper;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.InvalidArgumentException;
+import com.google.protobuf.AbstractMessage;
+import io.grafeas.v1.AttestationOccurrence;
+import io.grpc.StatusRuntimeException;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.util.UUID;
+import javax.annotation.Generated;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@Generated("by gapic-generator-java")
+public class ValidationHelperV1ClientTest {
+  private static MockServiceHelper mockServiceHelper;
+  private static MockValidationHelperV1 mockValidationHelperV1;
+  private LocalChannelProvider channelProvider;
+  private ValidationHelperV1Client client;
+
+  @BeforeClass
+  public static void startStaticServer() {
+    mockValidationHelperV1 = new MockValidationHelperV1();
+    mockServiceHelper =
+        new MockServiceHelper(
+            UUID.randomUUID().toString(), Arrays.<MockGrpcService>asList(mockValidationHelperV1));
+    mockServiceHelper.start();
+  }
+
+  @AfterClass
+  public static void stopServer() {
+    mockServiceHelper.stop();
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    mockServiceHelper.reset();
+    channelProvider = mockServiceHelper.createChannelProvider();
+    ValidationHelperV1Settings settings =
+        ValidationHelperV1Settings.newBuilder()
+            .setTransportChannelProvider(channelProvider)
+            .setCredentialsProvider(NoCredentialsProvider.create())
+            .build();
+    client = ValidationHelperV1Client.create(settings);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    client.close();
+  }
+
+  @Test
+  public void validateAttestationOccurrenceTest() throws Exception {
+    Service.ValidateAttestationOccurrenceResponse expectedResponse =
+        Service.ValidateAttestationOccurrenceResponse.newBuilder()
+            .setDenialReason("denialReason-966999989")
+            .build();
+    mockValidationHelperV1.addResponse(expectedResponse);
+
+    Service.ValidateAttestationOccurrenceRequest request =
+        Service.ValidateAttestationOccurrenceRequest.newBuilder()
+            .setAttestor("attestor542920680")
+            .setAttestation(AttestationOccurrence.newBuilder().build())
+            .setOccurrenceNote("occurrenceNote1722072419")
+            .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+            .build();
+
+    Service.ValidateAttestationOccurrenceResponse actualResponse =
+        client.validateAttestationOccurrence(request);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockValidationHelperV1.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    Service.ValidateAttestationOccurrenceRequest actualRequest =
+        ((Service.ValidateAttestationOccurrenceRequest) actualRequests.get(0));
+
+    Assert.assertEquals(request.getAttestor(), actualRequest.getAttestor());
+    Assert.assertEquals(request.getAttestation(), actualRequest.getAttestation());
+    Assert.assertEquals(request.getOccurrenceNote(), actualRequest.getOccurrenceNote());
+    Assert.assertEquals(
+        request.getOccurrenceResourceUri(), actualRequest.getOccurrenceResourceUri());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void validateAttestationOccurrenceExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockValidationHelperV1.addException(exception);
+
+    try {
+      Service.ValidateAttestationOccurrenceRequest request =
+          Service.ValidateAttestationOccurrenceRequest.newBuilder()
+              .setAttestor("attestor542920680")
+              .setAttestation(AttestationOccurrence.newBuilder().build())
+              .setOccurrenceNote("occurrenceNote1722072419")
+              .setOccurrenceResourceUri("occurrenceResourceUri1001424877")
+              .build();
+      client.validateAttestationOccurrence(request);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+}
diff --git a/grpc-google-cloud-binary-authorization-v1/pom.xml b/grpc-google-cloud-binary-authorization-v1/pom.xml
new file mode 100644
index 00000000..2d0f6f5d
--- /dev/null
+++ b/grpc-google-cloud-binary-authorization-v1/pom.xml
@@ -0,0 +1,65 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.google.api.grpc</groupId>
+  <artifactId>grpc-google-cloud-binary-authorization-v1</artifactId>
+  <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-binary-authorization-v1:current} -->
+  <name>grpc-google-cloud-binary-authorization-v1</name>
+  <description>GRPC library for google-cloud-binary-authorization</description>
+  <parent>
+    <groupId>com.google.cloud</groupId>
+    <artifactId>google-cloud-binary-authorization-parent</artifactId>
+    <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:google-cloud-binary-authorization:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-binary-authorization-v1</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+  </dependencies>
+
+  <profiles>
+    <profile>
+      <id>java9</id>
+      <activation>
+        <jdk>[9,)</jdk>
+      </activation>
+      <dependencies>
+        <dependency>
+          <groupId>javax.annotation</groupId>
+          <artifactId>javax.annotation-api</artifactId>
+        </dependency>
+      </dependencies>
+    </profile>
+  </profiles>
+
+  <build>
+    <plugins>
+      <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>flatten-maven-plugin</artifactId>
+        </plugin>
+    </plugins>
+  </build>
+</project>
\ No newline at end of file
diff --git a/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Grpc.java b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Grpc.java
new file mode 100644
index 00000000..fc8523b2
--- /dev/null
+++ b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/BinauthzManagementServiceV1Grpc.java
@@ -0,0 +1,1245 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ *
+ *
+ * <pre>
+ * Google Cloud Management Service for Binary Authorization admission policies
+ * and attestation authorities.
+ * This API implements a REST model with the following objects:
+ * * [Policy][google.cloud.binaryauthorization.v1.Policy]
+ * * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+ * </pre>
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler",
+    comments = "Source: google/cloud/binaryauthorization/v1/service.proto")
+public final class BinauthzManagementServiceV1Grpc {
+
+  private BinauthzManagementServiceV1Grpc() {}
+
+  public static final String SERVICE_NAME =
+      "google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getGetPolicyMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetPolicy",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest.class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getGetPolicyMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        getGetPolicyMethod;
+    if ((getGetPolicyMethod = BinauthzManagementServiceV1Grpc.getGetPolicyMethod) == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getGetPolicyMethod = BinauthzManagementServiceV1Grpc.getGetPolicyMethod) == null) {
+          BinauthzManagementServiceV1Grpc.getGetPolicyMethod =
+              getGetPolicyMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .GetPolicyRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "GetPolicy"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .GetPolicyRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("GetPolicy"))
+                      .build();
+        }
+      }
+    }
+    return getGetPolicyMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getUpdatePolicyMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdatePolicy",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest.class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getUpdatePolicyMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        getUpdatePolicyMethod;
+    if ((getUpdatePolicyMethod = BinauthzManagementServiceV1Grpc.getUpdatePolicyMethod) == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getUpdatePolicyMethod = BinauthzManagementServiceV1Grpc.getUpdatePolicyMethod)
+            == null) {
+          BinauthzManagementServiceV1Grpc.getUpdatePolicyMethod =
+              getUpdatePolicyMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .UpdatePolicyRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "UpdatePolicy"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .UpdatePolicyRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("UpdatePolicy"))
+                      .build();
+        }
+      }
+    }
+    return getUpdatePolicyMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getCreateAttestorMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "CreateAttestor",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest.class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getCreateAttestorMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getCreateAttestorMethod;
+    if ((getCreateAttestorMethod = BinauthzManagementServiceV1Grpc.getCreateAttestorMethod)
+        == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getCreateAttestorMethod = BinauthzManagementServiceV1Grpc.getCreateAttestorMethod)
+            == null) {
+          BinauthzManagementServiceV1Grpc.getCreateAttestorMethod =
+              getCreateAttestorMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .CreateAttestorRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "CreateAttestor"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .CreateAttestorRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                  .Attestor.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("CreateAttestor"))
+                      .build();
+        }
+      }
+    }
+    return getCreateAttestorMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getGetAttestorMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetAttestor",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest.class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getGetAttestorMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getGetAttestorMethod;
+    if ((getGetAttestorMethod = BinauthzManagementServiceV1Grpc.getGetAttestorMethod) == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getGetAttestorMethod = BinauthzManagementServiceV1Grpc.getGetAttestorMethod) == null) {
+          BinauthzManagementServiceV1Grpc.getGetAttestorMethod =
+              getGetAttestorMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .GetAttestorRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "GetAttestor"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .GetAttestorRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                  .Attestor.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("GetAttestor"))
+                      .build();
+        }
+      }
+    }
+    return getGetAttestorMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getUpdateAttestorMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateAttestor",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest.class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+      getUpdateAttestorMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getUpdateAttestorMethod;
+    if ((getUpdateAttestorMethod = BinauthzManagementServiceV1Grpc.getUpdateAttestorMethod)
+        == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getUpdateAttestorMethod = BinauthzManagementServiceV1Grpc.getUpdateAttestorMethod)
+            == null) {
+          BinauthzManagementServiceV1Grpc.getUpdateAttestorMethod =
+              getUpdateAttestorMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .UpdateAttestorRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "UpdateAttestor"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .UpdateAttestorRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                  .Attestor.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("UpdateAttestor"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateAttestorMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+      getListAttestorsMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListAttestors",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest.class,
+      responseType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+      getListAttestorsMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+        getListAttestorsMethod;
+    if ((getListAttestorsMethod = BinauthzManagementServiceV1Grpc.getListAttestorsMethod) == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getListAttestorsMethod = BinauthzManagementServiceV1Grpc.getListAttestorsMethod)
+            == null) {
+          BinauthzManagementServiceV1Grpc.getListAttestorsMethod =
+              getListAttestorsMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .ListAttestorsRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .ListAttestorsResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "ListAttestors"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .ListAttestorsRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .ListAttestorsResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("ListAttestors"))
+                      .build();
+        }
+      }
+    }
+    return getListAttestorsMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest,
+          com.google.protobuf.Empty>
+      getDeleteAttestorMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "DeleteAttestor",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest.class,
+      responseType = com.google.protobuf.Empty.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest,
+          com.google.protobuf.Empty>
+      getDeleteAttestorMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest,
+            com.google.protobuf.Empty>
+        getDeleteAttestorMethod;
+    if ((getDeleteAttestorMethod = BinauthzManagementServiceV1Grpc.getDeleteAttestorMethod)
+        == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        if ((getDeleteAttestorMethod = BinauthzManagementServiceV1Grpc.getDeleteAttestorMethod)
+            == null) {
+          BinauthzManagementServiceV1Grpc.getDeleteAttestorMethod =
+              getDeleteAttestorMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .DeleteAttestorRequest,
+                          com.google.protobuf.Empty>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "DeleteAttestor"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .DeleteAttestorRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protobuf.Empty.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new BinauthzManagementServiceV1MethodDescriptorSupplier("DeleteAttestor"))
+                      .build();
+        }
+      }
+    }
+    return getDeleteAttestorMethod;
+  }
+
+  /** Creates a new async stub that supports all call types for the service */
+  public static BinauthzManagementServiceV1Stub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1Stub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1Stub>() {
+          @java.lang.Override
+          public BinauthzManagementServiceV1Stub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new BinauthzManagementServiceV1Stub(channel, callOptions);
+          }
+        };
+    return BinauthzManagementServiceV1Stub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static BinauthzManagementServiceV1BlockingStub newBlockingStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1BlockingStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1BlockingStub>() {
+          @java.lang.Override
+          public BinauthzManagementServiceV1BlockingStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new BinauthzManagementServiceV1BlockingStub(channel, callOptions);
+          }
+        };
+    return BinauthzManagementServiceV1BlockingStub.newStub(factory, channel);
+  }
+
+  /** Creates a new ListenableFuture-style stub that supports unary calls on the service */
+  public static BinauthzManagementServiceV1FutureStub newFutureStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1FutureStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<BinauthzManagementServiceV1FutureStub>() {
+          @java.lang.Override
+          public BinauthzManagementServiceV1FutureStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new BinauthzManagementServiceV1FutureStub(channel, callOptions);
+          }
+        };
+    return BinauthzManagementServiceV1FutureStub.newStub(factory, channel);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Google Cloud Management Service for Binary Authorization admission policies
+   * and attestation authorities.
+   * This API implements a REST model with the following objects:
+   * * [Policy][google.cloud.binaryauthorization.v1.Policy]
+   * * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+   * </pre>
+   */
+  public abstract static class BinauthzManagementServiceV1ImplBase
+      implements io.grpc.BindableService {
+
+    /**
+     *
+     *
+     * <pre>
+     * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+     * a container image, before the project is allowed to deploy that
+     * image. There is at most one policy per project. All image admission
+     * requests are permitted if a project has no policy.
+     * Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+     * [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+     * </pre>
+     */
+    public void getPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(getGetPolicyMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+     * new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+     * conditions with concurrent policy enforcement (or management!)
+     * requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+     * if the request is malformed.
+     * </pre>
+     */
+    public void updatePolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdatePolicyMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+     * INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+     * </pre>
+     */
+    public void createAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getCreateAttestorMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void getAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetAttestorMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void updateAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateAttestorMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns INVALID_ARGUMENT if the project does not exist.
+     * </pre>
+     */
+    public void listAttestors(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListAttestorsMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void deleteAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest request,
+        io.grpc.stub.StreamObserver<com.google.protobuf.Empty> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getDeleteAttestorMethod(), responseObserver);
+    }
+
+    @java.lang.Override
+    public final io.grpc.ServerServiceDefinition bindService() {
+      return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+          .addMethod(
+              getGetPolicyMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .GetPolicyRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>(
+                      this, METHODID_GET_POLICY)))
+          .addMethod(
+              getUpdatePolicyMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .UpdatePolicyRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>(
+                      this, METHODID_UPDATE_POLICY)))
+          .addMethod(
+              getCreateAttestorMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .CreateAttestorRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>(
+                      this, METHODID_CREATE_ATTESTOR)))
+          .addMethod(
+              getGetAttestorMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .GetAttestorRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>(
+                      this, METHODID_GET_ATTESTOR)))
+          .addMethod(
+              getUpdateAttestorMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .UpdateAttestorRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>(
+                      this, METHODID_UPDATE_ATTESTOR)))
+          .addMethod(
+              getListAttestorsMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ListAttestorsRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ListAttestorsResponse>(this, METHODID_LIST_ATTESTORS)))
+          .addMethod(
+              getDeleteAttestorMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .DeleteAttestorRequest,
+                      com.google.protobuf.Empty>(this, METHODID_DELETE_ATTESTOR)))
+          .build();
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Google Cloud Management Service for Binary Authorization admission policies
+   * and attestation authorities.
+   * This API implements a REST model with the following objects:
+   * * [Policy][google.cloud.binaryauthorization.v1.Policy]
+   * * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+   * </pre>
+   */
+  public static final class BinauthzManagementServiceV1Stub
+      extends io.grpc.stub.AbstractAsyncStub<BinauthzManagementServiceV1Stub> {
+    private BinauthzManagementServiceV1Stub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected BinauthzManagementServiceV1Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new BinauthzManagementServiceV1Stub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+     * a container image, before the project is allowed to deploy that
+     * image. There is at most one policy per project. All image admission
+     * requests are permitted if a project has no policy.
+     * Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+     * [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+     * </pre>
+     */
+    public void getPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetPolicyMethod(), getCallOptions()), request, responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+     * new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+     * conditions with concurrent policy enforcement (or management!)
+     * requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+     * if the request is malformed.
+     * </pre>
+     */
+    public void updatePolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdatePolicyMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+     * INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+     * </pre>
+     */
+    public void createAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCreateAttestorMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void getAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetAttestorMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void updateAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateAttestorMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns INVALID_ARGUMENT if the project does not exist.
+     * </pre>
+     */
+    public void listAttestors(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListAttestorsMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public void deleteAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest request,
+        io.grpc.stub.StreamObserver<com.google.protobuf.Empty> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getDeleteAttestorMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Google Cloud Management Service for Binary Authorization admission policies
+   * and attestation authorities.
+   * This API implements a REST model with the following objects:
+   * * [Policy][google.cloud.binaryauthorization.v1.Policy]
+   * * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+   * </pre>
+   */
+  public static final class BinauthzManagementServiceV1BlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<BinauthzManagementServiceV1BlockingStub> {
+    private BinauthzManagementServiceV1BlockingStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected BinauthzManagementServiceV1BlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new BinauthzManagementServiceV1BlockingStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+     * a container image, before the project is allowed to deploy that
+     * image. There is at most one policy per project. All image admission
+     * requests are permitted if a project has no policy.
+     * Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+     * [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy getPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetPolicyMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+     * new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+     * conditions with concurrent policy enforcement (or management!)
+     * requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+     * if the request is malformed.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy updatePolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdatePolicyMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+     * INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor createAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+            request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCreateAttestorMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetAttestorMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor updateAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+            request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateAttestorMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns INVALID_ARGUMENT if the project does not exist.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+        listAttestors(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListAttestorsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.protobuf.Empty deleteAttestor(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+            request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeleteAttestorMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Google Cloud Management Service for Binary Authorization admission policies
+   * and attestation authorities.
+   * This API implements a REST model with the following objects:
+   * * [Policy][google.cloud.binaryauthorization.v1.Policy]
+   * * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+   * </pre>
+   */
+  public static final class BinauthzManagementServiceV1FutureStub
+      extends io.grpc.stub.AbstractFutureStub<BinauthzManagementServiceV1FutureStub> {
+    private BinauthzManagementServiceV1FutureStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected BinauthzManagementServiceV1FutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new BinauthzManagementServiceV1FutureStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+     * a container image, before the project is allowed to deploy that
+     * image. There is at most one policy per project. All image admission
+     * requests are permitted if a project has no policy.
+     * Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+     * [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        getPolicy(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetPolicyMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+     * new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+     * conditions with concurrent policy enforcement (or management!)
+     * requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+     * if the request is malformed.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        updatePolicy(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdatePolicyMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+     * INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        createAttestor(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCreateAttestorMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getAttestor(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetAttestorMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        updateAttestor(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateAttestorMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * Returns INVALID_ARGUMENT if the project does not exist.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse>
+        listAttestors(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListAttestorsMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+     * [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.protobuf.Empty>
+        deleteAttestor(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getDeleteAttestorMethod(), getCallOptions()), request);
+    }
+  }
+
+  private static final int METHODID_GET_POLICY = 0;
+  private static final int METHODID_UPDATE_POLICY = 1;
+  private static final int METHODID_CREATE_ATTESTOR = 2;
+  private static final int METHODID_GET_ATTESTOR = 3;
+  private static final int METHODID_UPDATE_ATTESTOR = 4;
+  private static final int METHODID_LIST_ATTESTORS = 5;
+  private static final int METHODID_DELETE_ATTESTOR = 6;
+
+  private static final class MethodHandlers<Req, Resp>
+      implements io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final BinauthzManagementServiceV1ImplBase serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(BinauthzManagementServiceV1ImplBase serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_GET_POLICY:
+          serviceImpl.getPolicy(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>)
+                  responseObserver);
+          break;
+        case METHODID_UPDATE_POLICY:
+          serviceImpl.updatePolicy(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>)
+                  responseObserver);
+          break;
+        case METHODID_CREATE_ATTESTOR:
+          serviceImpl.createAttestor(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>)
+                  responseObserver);
+          break;
+        case METHODID_GET_ATTESTOR:
+          serviceImpl.getAttestor(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>)
+                  responseObserver);
+          break;
+        case METHODID_UPDATE_ATTESTOR:
+          serviceImpl.updateAttestor(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_ATTESTORS:
+          serviceImpl.listAttestors(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ListAttestorsResponse>)
+                  responseObserver);
+          break;
+        case METHODID_DELETE_ATTESTOR:
+          serviceImpl.deleteAttestor(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<com.google.protobuf.Empty>) responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  private abstract static class BinauthzManagementServiceV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier,
+          io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    BinauthzManagementServiceV1BaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("BinauthzManagementServiceV1");
+    }
+  }
+
+  private static final class BinauthzManagementServiceV1FileDescriptorSupplier
+      extends BinauthzManagementServiceV1BaseDescriptorSupplier {
+    BinauthzManagementServiceV1FileDescriptorSupplier() {}
+  }
+
+  private static final class BinauthzManagementServiceV1MethodDescriptorSupplier
+      extends BinauthzManagementServiceV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final String methodName;
+
+    BinauthzManagementServiceV1MethodDescriptorSupplier(String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (BinauthzManagementServiceV1Grpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor =
+              result =
+                  io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+                      .setSchemaDescriptor(new BinauthzManagementServiceV1FileDescriptorSupplier())
+                      .addMethod(getGetPolicyMethod())
+                      .addMethod(getUpdatePolicyMethod())
+                      .addMethod(getCreateAttestorMethod())
+                      .addMethod(getGetAttestorMethod())
+                      .addMethod(getUpdateAttestorMethod())
+                      .addMethod(getListAttestorsMethod())
+                      .addMethod(getDeleteAttestorMethod())
+                      .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Grpc.java b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Grpc.java
new file mode 100644
index 00000000..72939535
--- /dev/null
+++ b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/SystemPolicyV1Grpc.java
@@ -0,0 +1,375 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ *
+ *
+ * <pre>
+ * API for working with the system policy.
+ * </pre>
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler",
+    comments = "Source: google/cloud/binaryauthorization/v1/service.proto")
+public final class SystemPolicyV1Grpc {
+
+  private SystemPolicyV1Grpc() {}
+
+  public static final String SERVICE_NAME = "google.cloud.binaryauthorization.v1.SystemPolicyV1";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getGetSystemPolicyMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetSystemPolicy",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+              .class,
+      responseType = com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+      getGetSystemPolicyMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        getGetSystemPolicyMethod;
+    if ((getGetSystemPolicyMethod = SystemPolicyV1Grpc.getGetSystemPolicyMethod) == null) {
+      synchronized (SystemPolicyV1Grpc.class) {
+        if ((getGetSystemPolicyMethod = SystemPolicyV1Grpc.getGetSystemPolicyMethod) == null) {
+          SystemPolicyV1Grpc.getGetSystemPolicyMethod =
+              getGetSystemPolicyMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .GetSystemPolicyRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "GetSystemPolicy"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .GetSystemPolicyRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new SystemPolicyV1MethodDescriptorSupplier("GetSystemPolicy"))
+                      .build();
+        }
+      }
+    }
+    return getGetSystemPolicyMethod;
+  }
+
+  /** Creates a new async stub that supports all call types for the service */
+  public static SystemPolicyV1Stub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1Stub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1Stub>() {
+          @java.lang.Override
+          public SystemPolicyV1Stub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new SystemPolicyV1Stub(channel, callOptions);
+          }
+        };
+    return SystemPolicyV1Stub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static SystemPolicyV1BlockingStub newBlockingStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1BlockingStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1BlockingStub>() {
+          @java.lang.Override
+          public SystemPolicyV1BlockingStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new SystemPolicyV1BlockingStub(channel, callOptions);
+          }
+        };
+    return SystemPolicyV1BlockingStub.newStub(factory, channel);
+  }
+
+  /** Creates a new ListenableFuture-style stub that supports unary calls on the service */
+  public static SystemPolicyV1FutureStub newFutureStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1FutureStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<SystemPolicyV1FutureStub>() {
+          @java.lang.Override
+          public SystemPolicyV1FutureStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new SystemPolicyV1FutureStub(channel, callOptions);
+          }
+        };
+    return SystemPolicyV1FutureStub.newStub(factory, channel);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * API for working with the system policy.
+   * </pre>
+   */
+  public abstract static class SystemPolicyV1ImplBase implements io.grpc.BindableService {
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets the current system policy in the specified location.
+     * </pre>
+     */
+    public void getSystemPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetSystemPolicyMethod(), responseObserver);
+    }
+
+    @java.lang.Override
+    public final io.grpc.ServerServiceDefinition bindService() {
+      return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+          .addMethod(
+              getGetSystemPolicyMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .GetSystemPolicyRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>(
+                      this, METHODID_GET_SYSTEM_POLICY)))
+          .build();
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * API for working with the system policy.
+   * </pre>
+   */
+  public static final class SystemPolicyV1Stub
+      extends io.grpc.stub.AbstractAsyncStub<SystemPolicyV1Stub> {
+    private SystemPolicyV1Stub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected SystemPolicyV1Stub build(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new SystemPolicyV1Stub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets the current system policy in the specified location.
+     * </pre>
+     */
+    public void getSystemPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetSystemPolicyMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * API for working with the system policy.
+   * </pre>
+   */
+  public static final class SystemPolicyV1BlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<SystemPolicyV1BlockingStub> {
+    private SystemPolicyV1BlockingStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected SystemPolicyV1BlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new SystemPolicyV1BlockingStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets the current system policy in the specified location.
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy getSystemPolicy(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetSystemPolicyMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * API for working with the system policy.
+   * </pre>
+   */
+  public static final class SystemPolicyV1FutureStub
+      extends io.grpc.stub.AbstractFutureStub<SystemPolicyV1FutureStub> {
+    private SystemPolicyV1FutureStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected SystemPolicyV1FutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new SystemPolicyV1FutureStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Gets the current system policy in the specified location.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>
+        getSystemPolicy(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetSystemPolicyMethod(), getCallOptions()), request);
+    }
+  }
+
+  private static final int METHODID_GET_SYSTEM_POLICY = 0;
+
+  private static final class MethodHandlers<Req, Resp>
+      implements io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final SystemPolicyV1ImplBase serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(SystemPolicyV1ImplBase serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_GET_SYSTEM_POLICY:
+          serviceImpl.getSystemPolicy(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy>)
+                  responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  private abstract static class SystemPolicyV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier,
+          io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    SystemPolicyV1BaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("SystemPolicyV1");
+    }
+  }
+
+  private static final class SystemPolicyV1FileDescriptorSupplier
+      extends SystemPolicyV1BaseDescriptorSupplier {
+    SystemPolicyV1FileDescriptorSupplier() {}
+  }
+
+  private static final class SystemPolicyV1MethodDescriptorSupplier
+      extends SystemPolicyV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final String methodName;
+
+    SystemPolicyV1MethodDescriptorSupplier(String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (SystemPolicyV1Grpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor =
+              result =
+                  io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+                      .setSchemaDescriptor(new SystemPolicyV1FileDescriptorSupplier())
+                      .addMethod(getGetSystemPolicyMethod())
+                      .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Grpc.java b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Grpc.java
new file mode 100644
index 00000000..30e0c3d1
--- /dev/null
+++ b/grpc-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ValidationHelperV1Grpc.java
@@ -0,0 +1,410 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ *
+ *
+ * <pre>
+ * BinAuthz Attestor verification
+ * </pre>
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler",
+    comments = "Source: google/cloud/binaryauthorization/v1/service.proto")
+public final class ValidationHelperV1Grpc {
+
+  private ValidationHelperV1Grpc() {}
+
+  public static final String SERVICE_NAME =
+      "google.cloud.binaryauthorization.v1.ValidationHelperV1";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse>
+      getValidateAttestationOccurrenceMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ValidateAttestationOccurrence",
+      requestType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest.class,
+      responseType =
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest,
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse>
+      getValidateAttestationOccurrenceMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest,
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse>
+        getValidateAttestationOccurrenceMethod;
+    if ((getValidateAttestationOccurrenceMethod =
+            ValidationHelperV1Grpc.getValidateAttestationOccurrenceMethod)
+        == null) {
+      synchronized (ValidationHelperV1Grpc.class) {
+        if ((getValidateAttestationOccurrenceMethod =
+                ValidationHelperV1Grpc.getValidateAttestationOccurrenceMethod)
+            == null) {
+          ValidationHelperV1Grpc.getValidateAttestationOccurrenceMethod =
+              getValidateAttestationOccurrenceMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .ValidateAttestationOccurrenceRequest,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Service
+                              .ValidateAttestationOccurrenceResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "ValidateAttestationOccurrence"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .ValidateAttestationOccurrenceRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                                  .ValidateAttestationOccurrenceResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new ValidationHelperV1MethodDescriptorSupplier(
+                              "ValidateAttestationOccurrence"))
+                      .build();
+        }
+      }
+    }
+    return getValidateAttestationOccurrenceMethod;
+  }
+
+  /** Creates a new async stub that supports all call types for the service */
+  public static ValidationHelperV1Stub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1Stub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1Stub>() {
+          @java.lang.Override
+          public ValidationHelperV1Stub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new ValidationHelperV1Stub(channel, callOptions);
+          }
+        };
+    return ValidationHelperV1Stub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static ValidationHelperV1BlockingStub newBlockingStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1BlockingStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1BlockingStub>() {
+          @java.lang.Override
+          public ValidationHelperV1BlockingStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new ValidationHelperV1BlockingStub(channel, callOptions);
+          }
+        };
+    return ValidationHelperV1BlockingStub.newStub(factory, channel);
+  }
+
+  /** Creates a new ListenableFuture-style stub that supports unary calls on the service */
+  public static ValidationHelperV1FutureStub newFutureStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1FutureStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<ValidationHelperV1FutureStub>() {
+          @java.lang.Override
+          public ValidationHelperV1FutureStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new ValidationHelperV1FutureStub(channel, callOptions);
+          }
+        };
+    return ValidationHelperV1FutureStub.newStub(factory, channel);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * BinAuthz Attestor verification
+   * </pre>
+   */
+  public abstract static class ValidationHelperV1ImplBase implements io.grpc.BindableService {
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns whether the given Attestation for the given image URI
+     * was signed by the given Attestor
+     * </pre>
+     */
+    public void validateAttestationOccurrence(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getValidateAttestationOccurrenceMethod(), responseObserver);
+    }
+
+    @java.lang.Override
+    public final io.grpc.ServerServiceDefinition bindService() {
+      return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+          .addMethod(
+              getValidateAttestationOccurrenceMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ValidateAttestationOccurrenceRequest,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ValidateAttestationOccurrenceResponse>(
+                      this, METHODID_VALIDATE_ATTESTATION_OCCURRENCE)))
+          .build();
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * BinAuthz Attestor verification
+   * </pre>
+   */
+  public static final class ValidationHelperV1Stub
+      extends io.grpc.stub.AbstractAsyncStub<ValidationHelperV1Stub> {
+    private ValidationHelperV1Stub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ValidationHelperV1Stub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ValidationHelperV1Stub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns whether the given Attestation for the given image URI
+     * was signed by the given Attestor
+     * </pre>
+     */
+    public void validateAttestationOccurrence(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            request,
+        io.grpc.stub.StreamObserver<
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getValidateAttestationOccurrenceMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * BinAuthz Attestor verification
+   * </pre>
+   */
+  public static final class ValidationHelperV1BlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<ValidationHelperV1BlockingStub> {
+    private ValidationHelperV1BlockingStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ValidationHelperV1BlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ValidationHelperV1BlockingStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns whether the given Attestation for the given image URI
+     * was signed by the given Attestor
+     * </pre>
+     */
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        validateAttestationOccurrence(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceRequest
+                request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getValidateAttestationOccurrenceMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * BinAuthz Attestor verification
+   * </pre>
+   */
+  public static final class ValidationHelperV1FutureStub
+      extends io.grpc.stub.AbstractFutureStub<ValidationHelperV1FutureStub> {
+    private ValidationHelperV1FutureStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected ValidationHelperV1FutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new ValidationHelperV1FutureStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns whether the given Attestation for the given image URI
+     * was signed by the given Attestor
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse>
+        validateAttestationOccurrence(
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceRequest
+                request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getValidateAttestationOccurrenceMethod(), getCallOptions()),
+          request);
+    }
+  }
+
+  private static final int METHODID_VALIDATE_ATTESTATION_OCCURRENCE = 0;
+
+  private static final class MethodHandlers<Req, Resp>
+      implements io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final ValidationHelperV1ImplBase serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(ValidationHelperV1ImplBase serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_VALIDATE_ATTESTATION_OCCURRENCE:
+          serviceImpl.validateAttestationOccurrence(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.protos.google.cloud.binaryauthorization.v1.Service
+                          .ValidateAttestationOccurrenceResponse>)
+                  responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  private abstract static class ValidationHelperV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier,
+          io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    ValidationHelperV1BaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("ValidationHelperV1");
+    }
+  }
+
+  private static final class ValidationHelperV1FileDescriptorSupplier
+      extends ValidationHelperV1BaseDescriptorSupplier {
+    ValidationHelperV1FileDescriptorSupplier() {}
+  }
+
+  private static final class ValidationHelperV1MethodDescriptorSupplier
+      extends ValidationHelperV1BaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final String methodName;
+
+    ValidationHelperV1MethodDescriptorSupplier(String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (ValidationHelperV1Grpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor =
+              result =
+                  io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+                      .setSchemaDescriptor(new ValidationHelperV1FileDescriptorSupplier())
+                      .addMethod(getValidateAttestationOccurrenceMethod())
+                      .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/pom.xml b/pom.xml
index 77b1f900..92ad4cde 100644
--- a/pom.xml
+++ b/pom.xml
@@ -62,6 +62,16 @@
         <artifactId>google-cloud-binary-authorization</artifactId>
         <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:google-cloud-binary-authorization:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-binary-authorization-v1</artifactId>
+        <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-binary-authorization-v1:current} -->
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-binary-authorization-v1</artifactId>
+        <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-binary-authorization-v1:current} -->
+      </dependency>
       <dependency>
         <groupId>com.google.api.grpc</groupId>
         <artifactId>grpc-google-cloud-binary-authorization-v1beta1</artifactId>
@@ -73,6 +83,12 @@
         <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-binary-authorization-v1beta1:current} -->
       </dependency>
 
+      <dependency>
+        <groupId>io.grafeas</groupId>
+        <artifactId>grafeas</artifactId>
+        <version>2.0.6</version>
+      </dependency>
+
       <dependency>
         <groupId>com.google.cloud</groupId>
         <artifactId>google-cloud-shared-dependencies</artifactId>
@@ -103,7 +119,9 @@
   <modules>
     <module>google-cloud-binary-authorization</module>
     <module>grpc-google-cloud-binary-authorization-v1beta1</module>
+    <module>grpc-google-cloud-binary-authorization-v1</module>
     <module>proto-google-cloud-binary-authorization-v1beta1</module>
+    <module>proto-google-cloud-binary-authorization-v1</module>
     <module>google-cloud-binary-authorization-bom</module>
   </modules>
 
diff --git a/proto-google-cloud-binary-authorization-v1/clirr-ignored-differences.xml b/proto-google-cloud-binary-authorization-v1/clirr-ignored-differences.xml
new file mode 100644
index 00000000..70e35c15
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/clirr-ignored-differences.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- see http://www.mojohaus.org/clirr-maven-plugin/examples/ignored-differences.html -->
+<differences>
+
+</differences>
diff --git a/proto-google-cloud-binary-authorization-v1/pom.xml b/proto-google-cloud-binary-authorization-v1/pom.xml
new file mode 100644
index 00000000..b520f7b3
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/pom.xml
@@ -0,0 +1,46 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.google.api.grpc</groupId>
+  <artifactId>proto-google-cloud-binary-authorization-v1</artifactId>
+  <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-binary-authorization-v1:current} -->
+  <name>proto-google-cloud-binary-authorization-v1</name>
+  <description>Proto library for google-cloud-binary-authorization</description>
+  <parent>
+    <groupId>com.google.cloud</groupId>
+    <artifactId>google-cloud-binary-authorization-parent</artifactId>
+    <version>0.3.4-SNAPSHOT</version><!-- {x-version-update:google-cloud-binary-authorization:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-common-protos</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api</groupId>
+      <artifactId>api-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grafeas</groupId>
+      <artifactId>grafeas</artifactId>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>flatten-maven-plugin</artifactId>
+        </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/AttestorName.java b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/AttestorName.java
new file mode 100644
index 00000000..1281ca73
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/AttestorName.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class AttestorName implements ResourceName {
+  private static final PathTemplate PROJECT_ATTESTOR =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}/attestors/{attestor}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String attestor;
+
+  @Deprecated
+  protected AttestorName() {
+    project = null;
+    attestor = null;
+  }
+
+  private AttestorName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    attestor = Preconditions.checkNotNull(builder.getAttestor());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getAttestor() {
+    return attestor;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static AttestorName of(String project, String attestor) {
+    return newBuilder().setProject(project).setAttestor(attestor).build();
+  }
+
+  public static String format(String project, String attestor) {
+    return newBuilder().setProject(project).setAttestor(attestor).build().toString();
+  }
+
+  public static AttestorName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_ATTESTOR.validatedMatch(
+            formattedString, "AttestorName.parse: formattedString not in valid format");
+    return of(matchMap.get("project"), matchMap.get("attestor"));
+  }
+
+  public static List<AttestorName> parseList(List<String> formattedStrings) {
+    List<AttestorName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<AttestorName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (AttestorName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_ATTESTOR.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (attestor != null) {
+            fieldMapBuilder.put("attestor", attestor);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_ATTESTOR.instantiate("project", project, "attestor", attestor);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      AttestorName that = ((AttestorName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.attestor, that.attestor);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(attestor);
+    return h;
+  }
+
+  /** Builder for projects/{project}/attestors/{attestor}. */
+  public static class Builder {
+    private String project;
+    private String attestor;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getAttestor() {
+      return attestor;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setAttestor(String attestor) {
+      this.attestor = attestor;
+      return this;
+    }
+
+    private Builder(AttestorName attestorName) {
+      this.project = attestorName.project;
+      this.attestor = attestorName.attestor;
+    }
+
+    public AttestorName build() {
+      return new AttestorName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/PolicyName.java b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/PolicyName.java
new file mode 100644
index 00000000..19f6f6a3
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/PolicyName.java
@@ -0,0 +1,254 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.pathtemplate.ValidationException;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class PolicyName implements ResourceName {
+  private static final PathTemplate PROJECT =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}/policy");
+  private static final PathTemplate LOCATION =
+      PathTemplate.createWithoutUrlEncoding("locations/{location}/policy");
+  private volatile Map<String, String> fieldValuesMap;
+  private PathTemplate pathTemplate;
+  private String fixedValue;
+  private final String project;
+  private final String location;
+
+  @Deprecated
+  protected PolicyName() {
+    project = null;
+    location = null;
+  }
+
+  private PolicyName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = null;
+    pathTemplate = PROJECT;
+  }
+
+  private PolicyName(LocationBuilder builder) {
+    location = Preconditions.checkNotNull(builder.getLocation());
+    project = null;
+    pathTemplate = LOCATION;
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  @BetaApi("The per-pattern Builders are not stable yet and may be changed in the future.")
+  public static Builder newProjectBuilder() {
+    return new Builder();
+  }
+
+  @BetaApi("The per-pattern Builders are not stable yet and may be changed in the future.")
+  public static LocationBuilder newLocationBuilder() {
+    return new LocationBuilder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static PolicyName of(String project) {
+    return newBuilder().setProject(project).build();
+  }
+
+  @BetaApi("The static create methods are not stable yet and may be changed in the future.")
+  public static PolicyName ofProjectName(String project) {
+    return newBuilder().setProject(project).build();
+  }
+
+  @BetaApi("The static create methods are not stable yet and may be changed in the future.")
+  public static PolicyName ofLocationName(String location) {
+    return newLocationBuilder().setLocation(location).build();
+  }
+
+  public static String format(String project) {
+    return newBuilder().setProject(project).build().toString();
+  }
+
+  @BetaApi("The static format methods are not stable yet and may be changed in the future.")
+  public static String formatProjectName(String project) {
+    return newBuilder().setProject(project).build().toString();
+  }
+
+  @BetaApi("The static format methods are not stable yet and may be changed in the future.")
+  public static String formatLocationName(String location) {
+    return newLocationBuilder().setLocation(location).build().toString();
+  }
+
+  public static PolicyName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    if (PROJECT.matches(formattedString)) {
+      Map<String, String> matchMap = PROJECT.match(formattedString);
+      return ofProjectName(matchMap.get("project"));
+    } else if (LOCATION.matches(formattedString)) {
+      Map<String, String> matchMap = LOCATION.match(formattedString);
+      return ofLocationName(matchMap.get("location"));
+    }
+    throw new ValidationException("PolicyName.parse: formattedString not in valid format");
+  }
+
+  public static List<PolicyName> parseList(List<String> formattedStrings) {
+    List<PolicyName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<PolicyName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (PolicyName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT.matches(formattedString) || LOCATION.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return fixedValue != null ? fixedValue : pathTemplate.instantiate(getFieldValuesMap());
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      PolicyName that = ((PolicyName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(fixedValue);
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    return h;
+  }
+
+  /** Builder for projects/{project}/policy. */
+  public static class Builder {
+    private String project;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    private Builder(PolicyName policyName) {
+      Preconditions.checkArgument(
+          Objects.equals(policyName.pathTemplate, PROJECT),
+          "toBuilder is only supported when PolicyName has the pattern of projects/{project}/policy");
+      this.project = policyName.project;
+    }
+
+    public PolicyName build() {
+      return new PolicyName(this);
+    }
+  }
+
+  /** Builder for locations/{location}/policy. */
+  @BetaApi("The per-pattern Builders are not stable yet and may be changed in the future.")
+  public static class LocationBuilder {
+    private String location;
+
+    protected LocationBuilder() {}
+
+    public String getLocation() {
+      return location;
+    }
+
+    public LocationBuilder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public PolicyName build() {
+      return new PolicyName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ProjectName.java b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ProjectName.java
new file mode 100644
index 00000000..c9062d3a
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/ProjectName.java
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class ProjectName implements ResourceName {
+  private static final PathTemplate PROJECT =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+
+  @Deprecated
+  protected ProjectName() {
+    project = null;
+  }
+
+  private ProjectName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static ProjectName of(String project) {
+    return newBuilder().setProject(project).build();
+  }
+
+  public static String format(String project) {
+    return newBuilder().setProject(project).build().toString();
+  }
+
+  public static ProjectName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT.validatedMatch(
+            formattedString, "ProjectName.parse: formattedString not in valid format");
+    return of(matchMap.get("project"));
+  }
+
+  public static List<ProjectName> parseList(List<String> formattedStrings) {
+    List<ProjectName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<ProjectName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (ProjectName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT.instantiate("project", project);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      ProjectName that = ((ProjectName) o);
+      return Objects.equals(this.project, that.project);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    return h;
+  }
+
+  /** Builder for projects/{project}. */
+  public static class Builder {
+    private String project;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    private Builder(ProjectName projectName) {
+      this.project = projectName.project;
+    }
+
+    public ProjectName build() {
+      return new ProjectName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Resources.java b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Resources.java
new file mode 100644
index 00000000..57880167
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Resources.java
@@ -0,0 +1,14548 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/binaryauthorization/v1/resources.proto
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+public final class Resources {
+  private Resources() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  public interface PolicyOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.Policy)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+     * at most one policy per project.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+     * at most one policy per project.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The description.
+     */
+    java.lang.String getDescription();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for description.
+     */
+    com.google.protobuf.ByteString getDescriptionBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Controls the evaluation of a Google-maintained global admission
+     * policy for common system-level images. Images not covered by the global
+     * policy will be subject to the project admission policy. This setting
+     * has no effect when specified inside a global admission policy.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for globalPolicyEvaluationMode.
+     */
+    int getGlobalPolicyEvaluationModeValue();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Controls the evaluation of a Google-maintained global admission
+     * policy for common system-level images. Images not covered by the global
+     * policy will be subject to the project admission policy. This setting
+     * has no effect when specified inside a global admission policy.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The globalPolicyEvaluationMode.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+            .GlobalPolicyEvaluationMode
+        getGlobalPolicyEvaluationMode();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .AdmissionWhitelistPattern>
+        getAdmissionWhitelistPatternsList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+        getAdmissionWhitelistPatterns(int index);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getAdmissionWhitelistPatternsCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPatternOrBuilder>
+        getAdmissionWhitelistPatternsOrBuilderList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPatternOrBuilder
+        getAdmissionWhitelistPatternsOrBuilder(int index);
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getClusterAdmissionRulesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    boolean containsClusterAdmissionRules(java.lang.String key);
+    /** Use {@link #getClusterAdmissionRulesMap()} instead. */
+    @java.lang.Deprecated
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getClusterAdmissionRules();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getClusterAdmissionRulesMap();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getClusterAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getClusterAdmissionRulesOrThrow(java.lang.String key);
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getKubernetesNamespaceAdmissionRulesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    boolean containsKubernetesNamespaceAdmissionRules(java.lang.String key);
+    /** Use {@link #getKubernetesNamespaceAdmissionRulesMap()} instead. */
+    @java.lang.Deprecated
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesNamespaceAdmissionRules();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesNamespaceAdmissionRulesMap();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesNamespaceAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesNamespaceAdmissionRulesOrThrow(java.lang.String key);
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getKubernetesServiceAccountAdmissionRulesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    boolean containsKubernetesServiceAccountAdmissionRules(java.lang.String key);
+    /** Use {@link #getKubernetesServiceAccountAdmissionRulesMap()} instead. */
+    @java.lang.Deprecated
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesServiceAccountAdmissionRules();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesServiceAccountAdmissionRulesMap();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesServiceAccountAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesServiceAccountAdmissionRulesOrThrow(java.lang.String key);
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getIstioServiceIdentityAdmissionRulesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    boolean containsIstioServiceIdentityAdmissionRules(java.lang.String key);
+    /** Use {@link #getIstioServiceIdentityAdmissionRulesMap()} instead. */
+    @java.lang.Deprecated
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getIstioServiceIdentityAdmissionRules();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getIstioServiceIdentityAdmissionRulesMap();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getIstioServiceIdentityAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getIstioServiceIdentityAdmissionRulesOrThrow(java.lang.String key);
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the defaultAdmissionRule field is set.
+     */
+    boolean hasDefaultAdmissionRule();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The defaultAdmissionRule.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getDefaultAdmissionRule();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRuleOrBuilder
+        getDefaultAdmissionRuleOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    boolean hasUpdateTime();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    com.google.protobuf.Timestamp getUpdateTime();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.Policy}
+   */
+  public static final class Policy extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.Policy)
+      PolicyOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use Policy.newBuilder() to construct.
+    private Policy(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private Policy() {
+      name_ = "";
+      description_ = "";
+      globalPolicyEvaluationMode_ = 0;
+      admissionWhitelistPatterns_ = java.util.Collections.emptyList();
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new Policy();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private Policy(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            case 18:
+              {
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  admissionWhitelistPatterns_ =
+                      new java.util.ArrayList<
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AdmissionWhitelistPattern>();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                admissionWhitelistPatterns_.add(
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionWhitelistPattern.parser(),
+                        extensionRegistry));
+                break;
+              }
+            case 26:
+              {
+                if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                  clusterAdmissionRules_ =
+                      com.google.protobuf.MapField.newMapField(
+                          ClusterAdmissionRulesDefaultEntryHolder.defaultEntry);
+                  mutable_bitField0_ |= 0x00000002;
+                }
+                com.google.protobuf.MapEntry<
+                        java.lang.String,
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionRule>
+                    clusterAdmissionRules__ =
+                        input.readMessage(
+                            ClusterAdmissionRulesDefaultEntryHolder.defaultEntry.getParserForType(),
+                            extensionRegistry);
+                clusterAdmissionRules_
+                    .getMutableMap()
+                    .put(clusterAdmissionRules__.getKey(), clusterAdmissionRules__.getValue());
+                break;
+              }
+            case 34:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                        .Builder
+                    subBuilder = null;
+                if (defaultAdmissionRule_ != null) {
+                  subBuilder = defaultAdmissionRule_.toBuilder();
+                }
+                defaultAdmissionRule_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionRule.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(defaultAdmissionRule_);
+                  defaultAdmissionRule_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 42:
+              {
+                com.google.protobuf.Timestamp.Builder subBuilder = null;
+                if (updateTime_ != null) {
+                  subBuilder = updateTime_.toBuilder();
+                }
+                updateTime_ =
+                    input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(updateTime_);
+                  updateTime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 50:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                description_ = s;
+                break;
+              }
+            case 56:
+              {
+                int rawValue = input.readEnum();
+
+                globalPolicyEvaluationMode_ = rawValue;
+                break;
+              }
+            case 66:
+              {
+                if (!((mutable_bitField0_ & 0x00000008) != 0)) {
+                  kubernetesServiceAccountAdmissionRules_ =
+                      com.google.protobuf.MapField.newMapField(
+                          KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry);
+                  mutable_bitField0_ |= 0x00000008;
+                }
+                com.google.protobuf.MapEntry<
+                        java.lang.String,
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionRule>
+                    kubernetesServiceAccountAdmissionRules__ =
+                        input.readMessage(
+                            KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry
+                                .getParserForType(),
+                            extensionRegistry);
+                kubernetesServiceAccountAdmissionRules_
+                    .getMutableMap()
+                    .put(
+                        kubernetesServiceAccountAdmissionRules__.getKey(),
+                        kubernetesServiceAccountAdmissionRules__.getValue());
+                break;
+              }
+            case 74:
+              {
+                if (!((mutable_bitField0_ & 0x00000010) != 0)) {
+                  istioServiceIdentityAdmissionRules_ =
+                      com.google.protobuf.MapField.newMapField(
+                          IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry);
+                  mutable_bitField0_ |= 0x00000010;
+                }
+                com.google.protobuf.MapEntry<
+                        java.lang.String,
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionRule>
+                    istioServiceIdentityAdmissionRules__ =
+                        input.readMessage(
+                            IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry
+                                .getParserForType(),
+                            extensionRegistry);
+                istioServiceIdentityAdmissionRules_
+                    .getMutableMap()
+                    .put(
+                        istioServiceIdentityAdmissionRules__.getKey(),
+                        istioServiceIdentityAdmissionRules__.getValue());
+                break;
+              }
+            case 82:
+              {
+                if (!((mutable_bitField0_ & 0x00000004) != 0)) {
+                  kubernetesNamespaceAdmissionRules_ =
+                      com.google.protobuf.MapField.newMapField(
+                          KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry);
+                  mutable_bitField0_ |= 0x00000004;
+                }
+                com.google.protobuf.MapEntry<
+                        java.lang.String,
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AdmissionRule>
+                    kubernetesNamespaceAdmissionRules__ =
+                        input.readMessage(
+                            KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry
+                                .getParserForType(),
+                            extensionRegistry);
+                kubernetesNamespaceAdmissionRules_
+                    .getMutableMap()
+                    .put(
+                        kubernetesNamespaceAdmissionRules__.getKey(),
+                        kubernetesNamespaceAdmissionRules__.getValue());
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          admissionWhitelistPatterns_ =
+              java.util.Collections.unmodifiableList(admissionWhitelistPatterns_);
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    @java.lang.Override
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 3:
+          return internalGetClusterAdmissionRules();
+        case 10:
+          return internalGetKubernetesNamespaceAdmissionRules();
+        case 8:
+          return internalGetKubernetesServiceAccountAdmissionRules();
+        case 9:
+          return internalGetIstioServiceIdentityAdmissionRules();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_Policy_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder.class);
+    }
+
+    /**
+     * Protobuf enum {@code google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode}
+     */
+    public enum GlobalPolicyEvaluationMode implements com.google.protobuf.ProtocolMessageEnum {
+      /**
+       *
+       *
+       * <pre>
+       * Not specified: DISABLE is assumed.
+       * </pre>
+       *
+       * <code>GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0;</code>
+       */
+      GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED(0),
+      /**
+       *
+       *
+       * <pre>
+       * Enables system policy evaluation.
+       * </pre>
+       *
+       * <code>ENABLE = 1;</code>
+       */
+      ENABLE(1),
+      /**
+       *
+       *
+       * <pre>
+       * Disables system policy evaluation.
+       * </pre>
+       *
+       * <code>DISABLE = 2;</code>
+       */
+      DISABLE(2),
+      UNRECOGNIZED(-1),
+      ;
+
+      /**
+       *
+       *
+       * <pre>
+       * Not specified: DISABLE is assumed.
+       * </pre>
+       *
+       * <code>GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0;</code>
+       */
+      public static final int GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED_VALUE = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Enables system policy evaluation.
+       * </pre>
+       *
+       * <code>ENABLE = 1;</code>
+       */
+      public static final int ENABLE_VALUE = 1;
+      /**
+       *
+       *
+       * <pre>
+       * Disables system policy evaluation.
+       * </pre>
+       *
+       * <code>DISABLE = 2;</code>
+       */
+      public static final int DISABLE_VALUE = 2;
+
+      public final int getNumber() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalArgumentException(
+              "Can't get the number of an unknown enum value.");
+        }
+        return value;
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static GlobalPolicyEvaluationMode valueOf(int value) {
+        return forNumber(value);
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       */
+      public static GlobalPolicyEvaluationMode forNumber(int value) {
+        switch (value) {
+          case 0:
+            return GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED;
+          case 1:
+            return ENABLE;
+          case 2:
+            return DISABLE;
+          default:
+            return null;
+        }
+      }
+
+      public static com.google.protobuf.Internal.EnumLiteMap<GlobalPolicyEvaluationMode>
+          internalGetValueMap() {
+        return internalValueMap;
+      }
+
+      private static final com.google.protobuf.Internal.EnumLiteMap<GlobalPolicyEvaluationMode>
+          internalValueMap =
+              new com.google.protobuf.Internal.EnumLiteMap<GlobalPolicyEvaluationMode>() {
+                public GlobalPolicyEvaluationMode findValueByNumber(int number) {
+                  return GlobalPolicyEvaluationMode.forNumber(number);
+                }
+              };
+
+      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalStateException(
+              "Can't get the descriptor of an unrecognized enum value.");
+        }
+        return getDescriptor().getValues().get(ordinal());
+      }
+
+      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+        return getDescriptor();
+      }
+
+      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+            .getDescriptor()
+            .getEnumTypes()
+            .get(0);
+      }
+
+      private static final GlobalPolicyEvaluationMode[] VALUES = values();
+
+      public static GlobalPolicyEvaluationMode valueOf(
+          com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+        if (desc.getType() != getDescriptor()) {
+          throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+        }
+        if (desc.getIndex() == -1) {
+          return UNRECOGNIZED;
+        }
+        return VALUES[desc.getIndex()];
+      }
+
+      private final int value;
+
+      private GlobalPolicyEvaluationMode(int value) {
+        this.value = value;
+      }
+
+      // @@protoc_insertion_point(enum_scope:google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode)
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+     * at most one policy per project.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+     * at most one policy per project.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int DESCRIPTION_FIELD_NUMBER = 6;
+    private volatile java.lang.Object description_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The description.
+     */
+    @java.lang.Override
+    public java.lang.String getDescription() {
+      java.lang.Object ref = description_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        description_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for description.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getDescriptionBytes() {
+      java.lang.Object ref = description_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        description_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER = 7;
+    private int globalPolicyEvaluationMode_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Controls the evaluation of a Google-maintained global admission
+     * policy for common system-level images. Images not covered by the global
+     * policy will be subject to the project admission policy. This setting
+     * has no effect when specified inside a global admission policy.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for globalPolicyEvaluationMode.
+     */
+    @java.lang.Override
+    public int getGlobalPolicyEvaluationModeValue() {
+      return globalPolicyEvaluationMode_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Controls the evaluation of a Google-maintained global admission
+     * policy for common system-level images. Images not covered by the global
+     * policy will be subject to the project admission policy. This setting
+     * has no effect when specified inside a global admission policy.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The globalPolicyEvaluationMode.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+            .GlobalPolicyEvaluationMode
+        getGlobalPolicyEvaluationMode() {
+      @SuppressWarnings("deprecation")
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .GlobalPolicyEvaluationMode
+          result =
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                  .GlobalPolicyEvaluationMode.valueOf(globalPolicyEvaluationMode_);
+      return result == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .GlobalPolicyEvaluationMode.UNRECOGNIZED
+          : result;
+    }
+
+    public static final int ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER = 2;
+    private java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .AdmissionWhitelistPattern>
+        admissionWhitelistPatterns_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .AdmissionWhitelistPattern>
+        getAdmissionWhitelistPatternsList() {
+      return admissionWhitelistPatterns_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPatternOrBuilder>
+        getAdmissionWhitelistPatternsOrBuilderList() {
+      return admissionWhitelistPatterns_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public int getAdmissionWhitelistPatternsCount() {
+      return admissionWhitelistPatterns_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+        getAdmissionWhitelistPatterns(int index) {
+      return admissionWhitelistPatterns_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Admission policy allowlisting. A matching admission request will
+     * always be permitted. This feature is typically used to exclude Google or
+     * third-party infrastructure images from Binary Authorization policies.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPatternOrBuilder
+        getAdmissionWhitelistPatternsOrBuilder(int index) {
+      return admissionWhitelistPatterns_.get(index);
+    }
+
+    public static final int CLUSTER_ADMISSION_RULES_FIELD_NUMBER = 3;
+
+    private static final class ClusterAdmissionRulesDefaultEntryHolder {
+      static final com.google.protobuf.MapEntry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          defaultEntry =
+              com.google.protobuf.MapEntry
+                  .<java.lang.String,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+                      newDefaultInstance(
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_descriptor,
+                          com.google.protobuf.WireFormat.FieldType.STRING,
+                          "",
+                          com.google.protobuf.WireFormat.FieldType.MESSAGE,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AdmissionRule.getDefaultInstance());
+    }
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        clusterAdmissionRules_;
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        internalGetClusterAdmissionRules() {
+      if (clusterAdmissionRules_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(
+            ClusterAdmissionRulesDefaultEntryHolder.defaultEntry);
+      }
+      return clusterAdmissionRules_;
+    }
+
+    public int getClusterAdmissionRulesCount() {
+      return internalGetClusterAdmissionRules().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public boolean containsClusterAdmissionRules(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetClusterAdmissionRules().getMap().containsKey(key);
+    }
+    /** Use {@link #getClusterAdmissionRulesMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getClusterAdmissionRules() {
+      return getClusterAdmissionRulesMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getClusterAdmissionRulesMap() {
+      return internalGetClusterAdmissionRules().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getClusterAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetClusterAdmissionRules().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-cluster admission rules. Cluster spec format:
+     * `location.clusterId`. There can be at most one admission rule per cluster
+     * spec.
+     * A `location` is either a compute zone (e.g. us-central1-a) or a region
+     * (e.g. us-central1).
+     * For `clusterId` syntax restrictions see
+     * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getClusterAdmissionRulesOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetClusterAdmissionRules().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public static final int KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER = 10;
+
+    private static final class KubernetesNamespaceAdmissionRulesDefaultEntryHolder {
+      static final com.google.protobuf.MapEntry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          defaultEntry =
+              com.google.protobuf.MapEntry
+                  .<java.lang.String,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+                      newDefaultInstance(
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_descriptor,
+                          com.google.protobuf.WireFormat.FieldType.STRING,
+                          "",
+                          com.google.protobuf.WireFormat.FieldType.MESSAGE,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AdmissionRule.getDefaultInstance());
+    }
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        kubernetesNamespaceAdmissionRules_;
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        internalGetKubernetesNamespaceAdmissionRules() {
+      if (kubernetesNamespaceAdmissionRules_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(
+            KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry);
+      }
+      return kubernetesNamespaceAdmissionRules_;
+    }
+
+    public int getKubernetesNamespaceAdmissionRulesCount() {
+      return internalGetKubernetesNamespaceAdmissionRules().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public boolean containsKubernetesNamespaceAdmissionRules(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetKubernetesNamespaceAdmissionRules().getMap().containsKey(key);
+    }
+    /** Use {@link #getKubernetesNamespaceAdmissionRulesMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesNamespaceAdmissionRules() {
+      return getKubernetesNamespaceAdmissionRulesMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesNamespaceAdmissionRulesMap() {
+      return internalGetKubernetesNamespaceAdmissionRules().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesNamespaceAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetKubernetesNamespaceAdmissionRules().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+     * [a-z.-]+, e.g. 'some-namespace'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesNamespaceAdmissionRulesOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetKubernetesNamespaceAdmissionRules().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public static final int KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER = 8;
+
+    private static final class KubernetesServiceAccountAdmissionRulesDefaultEntryHolder {
+      static final com.google.protobuf.MapEntry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          defaultEntry =
+              com.google.protobuf.MapEntry
+                  .<java.lang.String,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+                      newDefaultInstance(
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_descriptor,
+                          com.google.protobuf.WireFormat.FieldType.STRING,
+                          "",
+                          com.google.protobuf.WireFormat.FieldType.MESSAGE,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AdmissionRule.getDefaultInstance());
+    }
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        kubernetesServiceAccountAdmissionRules_;
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        internalGetKubernetesServiceAccountAdmissionRules() {
+      if (kubernetesServiceAccountAdmissionRules_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(
+            KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry);
+      }
+      return kubernetesServiceAccountAdmissionRules_;
+    }
+
+    public int getKubernetesServiceAccountAdmissionRulesCount() {
+      return internalGetKubernetesServiceAccountAdmissionRules().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public boolean containsKubernetesServiceAccountAdmissionRules(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetKubernetesServiceAccountAdmissionRules().getMap().containsKey(key);
+    }
+    /** Use {@link #getKubernetesServiceAccountAdmissionRulesMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesServiceAccountAdmissionRules() {
+      return getKubernetesServiceAccountAdmissionRulesMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getKubernetesServiceAccountAdmissionRulesMap() {
+      return internalGetKubernetesServiceAccountAdmissionRules().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesServiceAccountAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetKubernetesServiceAccountAdmissionRules().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-kubernetes-service-account admission rules. Service account
+     * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getKubernetesServiceAccountAdmissionRulesOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetKubernetesServiceAccountAdmissionRules().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public static final int ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER = 9;
+
+    private static final class IstioServiceIdentityAdmissionRulesDefaultEntryHolder {
+      static final com.google.protobuf.MapEntry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          defaultEntry =
+              com.google.protobuf.MapEntry
+                  .<java.lang.String,
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+                      newDefaultInstance(
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_descriptor,
+                          com.google.protobuf.WireFormat.FieldType.STRING,
+                          "",
+                          com.google.protobuf.WireFormat.FieldType.MESSAGE,
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AdmissionRule.getDefaultInstance());
+    }
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        istioServiceIdentityAdmissionRules_;
+
+    private com.google.protobuf.MapField<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        internalGetIstioServiceIdentityAdmissionRules() {
+      if (istioServiceIdentityAdmissionRules_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(
+            IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry);
+      }
+      return istioServiceIdentityAdmissionRules_;
+    }
+
+    public int getIstioServiceIdentityAdmissionRulesCount() {
+      return internalGetIstioServiceIdentityAdmissionRules().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public boolean containsIstioServiceIdentityAdmissionRules(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetIstioServiceIdentityAdmissionRules().getMap().containsKey(key);
+    }
+    /** Use {@link #getIstioServiceIdentityAdmissionRulesMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getIstioServiceIdentityAdmissionRules() {
+      return getIstioServiceIdentityAdmissionRulesMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.Map<
+            java.lang.String,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+        getIstioServiceIdentityAdmissionRulesMap() {
+      return internalGetIstioServiceIdentityAdmissionRules().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getIstioServiceIdentityAdmissionRulesOrDefault(
+            java.lang.String key,
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetIstioServiceIdentityAdmissionRules().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Per-istio-service-identity admission rules. Istio service
+     * identity spec format:
+     * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+     * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+     * e.g. spiffe://example.com/ns/test-ns/sa/default
+     * </pre>
+     *
+     * <code>
+     * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getIstioServiceIdentityAdmissionRulesOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          map = internalGetIstioServiceIdentityAdmissionRules().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public static final int DEFAULT_ADMISSION_RULE_FIELD_NUMBER = 4;
+    private com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        defaultAdmissionRule_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the defaultAdmissionRule field is set.
+     */
+    @java.lang.Override
+    public boolean hasDefaultAdmissionRule() {
+      return defaultAdmissionRule_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The defaultAdmissionRule.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getDefaultAdmissionRule() {
+      return defaultAdmissionRule_ == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .getDefaultInstance()
+          : defaultAdmissionRule_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Default admission rule for a cluster without a per-cluster, per-
+     * kubernetes-service-account, or per-istio-service-identity admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRuleOrBuilder
+        getDefaultAdmissionRuleOrBuilder() {
+      return getDefaultAdmissionRule();
+    }
+
+    public static final int UPDATE_TIME_FIELD_NUMBER = 5;
+    private com.google.protobuf.Timestamp updateTime_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    @java.lang.Override
+    public boolean hasUpdateTime() {
+      return updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the policy was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      return getUpdateTime();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      for (int i = 0; i < admissionWhitelistPatterns_.size(); i++) {
+        output.writeMessage(2, admissionWhitelistPatterns_.get(i));
+      }
+      com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+          output,
+          internalGetClusterAdmissionRules(),
+          ClusterAdmissionRulesDefaultEntryHolder.defaultEntry,
+          3);
+      if (defaultAdmissionRule_ != null) {
+        output.writeMessage(4, getDefaultAdmissionRule());
+      }
+      if (updateTime_ != null) {
+        output.writeMessage(5, getUpdateTime());
+      }
+      if (!getDescriptionBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 6, description_);
+      }
+      if (globalPolicyEvaluationMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .GlobalPolicyEvaluationMode.GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(7, globalPolicyEvaluationMode_);
+      }
+      com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+          output,
+          internalGetKubernetesServiceAccountAdmissionRules(),
+          KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry,
+          8);
+      com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+          output,
+          internalGetIstioServiceIdentityAdmissionRules(),
+          IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry,
+          9);
+      com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+          output,
+          internalGetKubernetesNamespaceAdmissionRules(),
+          KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry,
+          10);
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      for (int i = 0; i < admissionWhitelistPatterns_.size(); i++) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                2, admissionWhitelistPatterns_.get(i));
+      }
+      for (java.util.Map.Entry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          entry : internalGetClusterAdmissionRules().getMap().entrySet()) {
+        com.google.protobuf.MapEntry<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            clusterAdmissionRules__ =
+                ClusterAdmissionRulesDefaultEntryHolder.defaultEntry
+                    .newBuilderForType()
+                    .setKey(entry.getKey())
+                    .setValue(entry.getValue())
+                    .build();
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(3, clusterAdmissionRules__);
+      }
+      if (defaultAdmissionRule_ != null) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(4, getDefaultAdmissionRule());
+      }
+      if (updateTime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getUpdateTime());
+      }
+      if (!getDescriptionBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, description_);
+      }
+      if (globalPolicyEvaluationMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .GlobalPolicyEvaluationMode.GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED
+              .getNumber()) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeEnumSize(7, globalPolicyEvaluationMode_);
+      }
+      for (java.util.Map.Entry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          entry : internalGetKubernetesServiceAccountAdmissionRules().getMap().entrySet()) {
+        com.google.protobuf.MapEntry<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            kubernetesServiceAccountAdmissionRules__ =
+                KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry
+                    .newBuilderForType()
+                    .setKey(entry.getKey())
+                    .setValue(entry.getValue())
+                    .build();
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                8, kubernetesServiceAccountAdmissionRules__);
+      }
+      for (java.util.Map.Entry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          entry : internalGetIstioServiceIdentityAdmissionRules().getMap().entrySet()) {
+        com.google.protobuf.MapEntry<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            istioServiceIdentityAdmissionRules__ =
+                IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry
+                    .newBuilderForType()
+                    .setKey(entry.getKey())
+                    .setValue(entry.getValue())
+                    .build();
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                9, istioServiceIdentityAdmissionRules__);
+      }
+      for (java.util.Map.Entry<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          entry : internalGetKubernetesNamespaceAdmissionRules().getMap().entrySet()) {
+        com.google.protobuf.MapEntry<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            kubernetesNamespaceAdmissionRules__ =
+                KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry
+                    .newBuilderForType()
+                    .setKey(entry.getKey())
+                    .setValue(entry.getValue())
+                    .build();
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                10, kubernetesNamespaceAdmissionRules__);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy) obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!getDescription().equals(other.getDescription())) return false;
+      if (globalPolicyEvaluationMode_ != other.globalPolicyEvaluationMode_) return false;
+      if (!getAdmissionWhitelistPatternsList().equals(other.getAdmissionWhitelistPatternsList()))
+        return false;
+      if (!internalGetClusterAdmissionRules().equals(other.internalGetClusterAdmissionRules()))
+        return false;
+      if (!internalGetKubernetesNamespaceAdmissionRules()
+          .equals(other.internalGetKubernetesNamespaceAdmissionRules())) return false;
+      if (!internalGetKubernetesServiceAccountAdmissionRules()
+          .equals(other.internalGetKubernetesServiceAccountAdmissionRules())) return false;
+      if (!internalGetIstioServiceIdentityAdmissionRules()
+          .equals(other.internalGetIstioServiceIdentityAdmissionRules())) return false;
+      if (hasDefaultAdmissionRule() != other.hasDefaultAdmissionRule()) return false;
+      if (hasDefaultAdmissionRule()) {
+        if (!getDefaultAdmissionRule().equals(other.getDefaultAdmissionRule())) return false;
+      }
+      if (hasUpdateTime() != other.hasUpdateTime()) return false;
+      if (hasUpdateTime()) {
+        if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (37 * hash) + DESCRIPTION_FIELD_NUMBER;
+      hash = (53 * hash) + getDescription().hashCode();
+      hash = (37 * hash) + GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER;
+      hash = (53 * hash) + globalPolicyEvaluationMode_;
+      if (getAdmissionWhitelistPatternsCount() > 0) {
+        hash = (37 * hash) + ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER;
+        hash = (53 * hash) + getAdmissionWhitelistPatternsList().hashCode();
+      }
+      if (!internalGetClusterAdmissionRules().getMap().isEmpty()) {
+        hash = (37 * hash) + CLUSTER_ADMISSION_RULES_FIELD_NUMBER;
+        hash = (53 * hash) + internalGetClusterAdmissionRules().hashCode();
+      }
+      if (!internalGetKubernetesNamespaceAdmissionRules().getMap().isEmpty()) {
+        hash = (37 * hash) + KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER;
+        hash = (53 * hash) + internalGetKubernetesNamespaceAdmissionRules().hashCode();
+      }
+      if (!internalGetKubernetesServiceAccountAdmissionRules().getMap().isEmpty()) {
+        hash = (37 * hash) + KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER;
+        hash = (53 * hash) + internalGetKubernetesServiceAccountAdmissionRules().hashCode();
+      }
+      if (!internalGetIstioServiceIdentityAdmissionRules().getMap().isEmpty()) {
+        hash = (37 * hash) + ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER;
+        hash = (53 * hash) + internalGetIstioServiceIdentityAdmissionRules().hashCode();
+      }
+      if (hasDefaultAdmissionRule()) {
+        hash = (37 * hash) + DEFAULT_ADMISSION_RULE_FIELD_NUMBER;
+        hash = (53 * hash) + getDefaultAdmissionRule().hashCode();
+      }
+      if (hasUpdateTime()) {
+        hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+        hash = (53 * hash) + getUpdateTime().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.Policy}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.Policy)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor;
+      }
+
+      @SuppressWarnings({"rawtypes"})
+      protected com.google.protobuf.MapField internalGetMapField(int number) {
+        switch (number) {
+          case 3:
+            return internalGetClusterAdmissionRules();
+          case 10:
+            return internalGetKubernetesNamespaceAdmissionRules();
+          case 8:
+            return internalGetKubernetesServiceAccountAdmissionRules();
+          case 9:
+            return internalGetIstioServiceIdentityAdmissionRules();
+          default:
+            throw new RuntimeException("Invalid map field number: " + number);
+        }
+      }
+
+      @SuppressWarnings({"rawtypes"})
+      protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+        switch (number) {
+          case 3:
+            return internalGetMutableClusterAdmissionRules();
+          case 10:
+            return internalGetMutableKubernetesNamespaceAdmissionRules();
+          case 8:
+            return internalGetMutableKubernetesServiceAccountAdmissionRules();
+          case 9:
+            return internalGetMutableIstioServiceIdentityAdmissionRules();
+          default:
+            throw new RuntimeException("Invalid map field number: " + number);
+        }
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Policy_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+          getAdmissionWhitelistPatternsFieldBuilder();
+        }
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        description_ = "";
+
+        globalPolicyEvaluationMode_ = 0;
+
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          admissionWhitelistPatterns_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          admissionWhitelistPatternsBuilder_.clear();
+        }
+        internalGetMutableClusterAdmissionRules().clear();
+        internalGetMutableKubernetesNamespaceAdmissionRules().clear();
+        internalGetMutableKubernetesServiceAccountAdmissionRules().clear();
+        internalGetMutableIstioServiceIdentityAdmissionRules().clear();
+        if (defaultAdmissionRuleBuilder_ == null) {
+          defaultAdmissionRule_ = null;
+        } else {
+          defaultAdmissionRule_ = null;
+          defaultAdmissionRuleBuilder_ = null;
+        }
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = null;
+        } else {
+          updateTime_ = null;
+          updateTimeBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy(this);
+        int from_bitField0_ = bitField0_;
+        result.name_ = name_;
+        result.description_ = description_;
+        result.globalPolicyEvaluationMode_ = globalPolicyEvaluationMode_;
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          if (((bitField0_ & 0x00000001) != 0)) {
+            admissionWhitelistPatterns_ =
+                java.util.Collections.unmodifiableList(admissionWhitelistPatterns_);
+            bitField0_ = (bitField0_ & ~0x00000001);
+          }
+          result.admissionWhitelistPatterns_ = admissionWhitelistPatterns_;
+        } else {
+          result.admissionWhitelistPatterns_ = admissionWhitelistPatternsBuilder_.build();
+        }
+        result.clusterAdmissionRules_ = internalGetClusterAdmissionRules();
+        result.clusterAdmissionRules_.makeImmutable();
+        result.kubernetesNamespaceAdmissionRules_ = internalGetKubernetesNamespaceAdmissionRules();
+        result.kubernetesNamespaceAdmissionRules_.makeImmutable();
+        result.kubernetesServiceAccountAdmissionRules_ =
+            internalGetKubernetesServiceAccountAdmissionRules();
+        result.kubernetesServiceAccountAdmissionRules_.makeImmutable();
+        result.istioServiceIdentityAdmissionRules_ =
+            internalGetIstioServiceIdentityAdmissionRules();
+        result.istioServiceIdentityAdmissionRules_.makeImmutable();
+        if (defaultAdmissionRuleBuilder_ == null) {
+          result.defaultAdmissionRule_ = defaultAdmissionRule_;
+        } else {
+          result.defaultAdmissionRule_ = defaultAdmissionRuleBuilder_.build();
+        }
+        if (updateTimeBuilder_ == null) {
+          result.updateTime_ = updateTime_;
+        } else {
+          result.updateTime_ = updateTimeBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        if (!other.getDescription().isEmpty()) {
+          description_ = other.description_;
+          onChanged();
+        }
+        if (other.globalPolicyEvaluationMode_ != 0) {
+          setGlobalPolicyEvaluationModeValue(other.getGlobalPolicyEvaluationModeValue());
+        }
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          if (!other.admissionWhitelistPatterns_.isEmpty()) {
+            if (admissionWhitelistPatterns_.isEmpty()) {
+              admissionWhitelistPatterns_ = other.admissionWhitelistPatterns_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+            } else {
+              ensureAdmissionWhitelistPatternsIsMutable();
+              admissionWhitelistPatterns_.addAll(other.admissionWhitelistPatterns_);
+            }
+            onChanged();
+          }
+        } else {
+          if (!other.admissionWhitelistPatterns_.isEmpty()) {
+            if (admissionWhitelistPatternsBuilder_.isEmpty()) {
+              admissionWhitelistPatternsBuilder_.dispose();
+              admissionWhitelistPatternsBuilder_ = null;
+              admissionWhitelistPatterns_ = other.admissionWhitelistPatterns_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+              admissionWhitelistPatternsBuilder_ =
+                  com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                      ? getAdmissionWhitelistPatternsFieldBuilder()
+                      : null;
+            } else {
+              admissionWhitelistPatternsBuilder_.addAllMessages(other.admissionWhitelistPatterns_);
+            }
+          }
+        }
+        internalGetMutableClusterAdmissionRules()
+            .mergeFrom(other.internalGetClusterAdmissionRules());
+        internalGetMutableKubernetesNamespaceAdmissionRules()
+            .mergeFrom(other.internalGetKubernetesNamespaceAdmissionRules());
+        internalGetMutableKubernetesServiceAccountAdmissionRules()
+            .mergeFrom(other.internalGetKubernetesServiceAccountAdmissionRules());
+        internalGetMutableIstioServiceIdentityAdmissionRules()
+            .mergeFrom(other.internalGetIstioServiceIdentityAdmissionRules());
+        if (other.hasDefaultAdmissionRule()) {
+          mergeDefaultAdmissionRule(other.getDefaultAdmissionRule());
+        }
+        if (other.hasUpdateTime()) {
+          mergeUpdateTime(other.getUpdateTime());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+       * at most one policy per project.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+       * at most one policy per project.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+       * at most one policy per project.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+       * at most one policy per project.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. The resource name, in the format `projects/&#42;&#47;policy`. There is
+       * at most one policy per project.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object description_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The description.
+       */
+      public java.lang.String getDescription() {
+        java.lang.Object ref = description_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          description_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The bytes for description.
+       */
+      public com.google.protobuf.ByteString getDescriptionBytes() {
+        java.lang.Object ref = description_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          description_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The description to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDescription(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        description_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDescription() {
+
+        description_ = getDefaultInstance().getDescription();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The bytes for description to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDescriptionBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        description_ = value;
+        onChanged();
+        return this;
+      }
+
+      private int globalPolicyEvaluationMode_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Controls the evaluation of a Google-maintained global admission
+       * policy for common system-level images. Images not covered by the global
+       * policy will be subject to the project admission policy. This setting
+       * has no effect when specified inside a global admission policy.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The enum numeric value on the wire for globalPolicyEvaluationMode.
+       */
+      @java.lang.Override
+      public int getGlobalPolicyEvaluationModeValue() {
+        return globalPolicyEvaluationMode_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Controls the evaluation of a Google-maintained global admission
+       * policy for common system-level images. Images not covered by the global
+       * policy will be subject to the project admission policy. This setting
+       * has no effect when specified inside a global admission policy.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for globalPolicyEvaluationMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setGlobalPolicyEvaluationModeValue(int value) {
+
+        globalPolicyEvaluationMode_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Controls the evaluation of a Google-maintained global admission
+       * policy for common system-level images. Images not covered by the global
+       * policy will be subject to the project admission policy. This setting
+       * has no effect when specified inside a global admission policy.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The globalPolicyEvaluationMode.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .GlobalPolicyEvaluationMode
+          getGlobalPolicyEvaluationMode() {
+        @SuppressWarnings("deprecation")
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                .GlobalPolicyEvaluationMode
+            result =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                    .GlobalPolicyEvaluationMode.valueOf(globalPolicyEvaluationMode_);
+        return result == null
+            ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                .GlobalPolicyEvaluationMode.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Controls the evaluation of a Google-maintained global admission
+       * policy for common system-level images. Images not covered by the global
+       * policy will be subject to the project admission policy. This setting
+       * has no effect when specified inside a global admission policy.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param value The globalPolicyEvaluationMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setGlobalPolicyEvaluationMode(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                  .GlobalPolicyEvaluationMode
+              value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        globalPolicyEvaluationMode_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Controls the evaluation of a Google-maintained global admission
+       * policy for common system-level images. Images not covered by the global
+       * policy will be subject to the project admission policy. This setting
+       * has no effect when specified inside a global admission policy.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearGlobalPolicyEvaluationMode() {
+
+        globalPolicyEvaluationMode_ = 0;
+        onChanged();
+        return this;
+      }
+
+      private java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern>
+          admissionWhitelistPatterns_ = java.util.Collections.emptyList();
+
+      private void ensureAdmissionWhitelistPatternsIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          admissionWhitelistPatterns_ =
+              new java.util.ArrayList<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern>(admissionWhitelistPatterns_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPatternOrBuilder>
+          admissionWhitelistPatternsBuilder_;
+
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern>
+          getAdmissionWhitelistPatternsList() {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          return java.util.Collections.unmodifiableList(admissionWhitelistPatterns_);
+        } else {
+          return admissionWhitelistPatternsBuilder_.getMessageList();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public int getAdmissionWhitelistPatternsCount() {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          return admissionWhitelistPatterns_.size();
+        } else {
+          return admissionWhitelistPatternsBuilder_.getCount();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern
+          getAdmissionWhitelistPatterns(int index) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          return admissionWhitelistPatterns_.get(index);
+        } else {
+          return admissionWhitelistPatternsBuilder_.getMessage(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAdmissionWhitelistPatterns(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+              value) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.set(index, value);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.setMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAdmissionWhitelistPatterns(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+                  .Builder
+              builderForValue) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.set(index, builderForValue.build());
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.setMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAdmissionWhitelistPatterns(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+              value) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.add(value);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.addMessage(value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAdmissionWhitelistPatterns(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+              value) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.add(index, value);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.addMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAdmissionWhitelistPatterns(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+                  .Builder
+              builderForValue) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.add(builderForValue.build());
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.addMessage(builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAdmissionWhitelistPatterns(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+                  .Builder
+              builderForValue) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.add(index, builderForValue.build());
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.addMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllAdmissionWhitelistPatterns(
+          java.lang.Iterable<
+                  ? extends
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                          .AdmissionWhitelistPattern>
+              values) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          ensureAdmissionWhitelistPatternsIsMutable();
+          com.google.protobuf.AbstractMessageLite.Builder.addAll(
+              values, admissionWhitelistPatterns_);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.addAllMessages(values);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearAdmissionWhitelistPatterns() {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          admissionWhitelistPatterns_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeAdmissionWhitelistPatterns(int index) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          ensureAdmissionWhitelistPatternsIsMutable();
+          admissionWhitelistPatterns_.remove(index);
+          onChanged();
+        } else {
+          admissionWhitelistPatternsBuilder_.remove(index);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern.Builder
+          getAdmissionWhitelistPatternsBuilder(int index) {
+        return getAdmissionWhitelistPatternsFieldBuilder().getBuilder(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPatternOrBuilder
+          getAdmissionWhitelistPatternsOrBuilder(int index) {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          return admissionWhitelistPatterns_.get(index);
+        } else {
+          return admissionWhitelistPatternsBuilder_.getMessageOrBuilder(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              ? extends
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPatternOrBuilder>
+          getAdmissionWhitelistPatternsOrBuilderList() {
+        if (admissionWhitelistPatternsBuilder_ != null) {
+          return admissionWhitelistPatternsBuilder_.getMessageOrBuilderList();
+        } else {
+          return java.util.Collections.unmodifiableList(admissionWhitelistPatterns_);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern.Builder
+          addAdmissionWhitelistPatternsBuilder() {
+        return getAdmissionWhitelistPatternsFieldBuilder()
+            .addBuilder(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPattern.getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern.Builder
+          addAdmissionWhitelistPatternsBuilder(int index) {
+        return getAdmissionWhitelistPatternsFieldBuilder()
+            .addBuilder(
+                index,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPattern.getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Admission policy allowlisting. A matching admission request will
+       * always be permitted. This feature is typically used to exclude Google or
+       * third-party infrastructure images from Binary Authorization policies.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern.Builder>
+          getAdmissionWhitelistPatternsBuilderList() {
+        return getAdmissionWhitelistPatternsFieldBuilder().getBuilderList();
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPatternOrBuilder>
+          getAdmissionWhitelistPatternsFieldBuilder() {
+        if (admissionWhitelistPatternsBuilder_ == null) {
+          admissionWhitelistPatternsBuilder_ =
+              new com.google.protobuf.RepeatedFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPatternOrBuilder>(
+                  admissionWhitelistPatterns_,
+                  ((bitField0_ & 0x00000001) != 0),
+                  getParentForChildren(),
+                  isClean());
+          admissionWhitelistPatterns_ = null;
+        }
+        return admissionWhitelistPatternsBuilder_;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          clusterAdmissionRules_;
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetClusterAdmissionRules() {
+        if (clusterAdmissionRules_ == null) {
+          return com.google.protobuf.MapField.emptyMapField(
+              ClusterAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        return clusterAdmissionRules_;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetMutableClusterAdmissionRules() {
+        onChanged();
+        ;
+        if (clusterAdmissionRules_ == null) {
+          clusterAdmissionRules_ =
+              com.google.protobuf.MapField.newMapField(
+                  ClusterAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        if (!clusterAdmissionRules_.isMutable()) {
+          clusterAdmissionRules_ = clusterAdmissionRules_.copy();
+        }
+        return clusterAdmissionRules_;
+      }
+
+      public int getClusterAdmissionRulesCount() {
+        return internalGetClusterAdmissionRules().getMap().size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public boolean containsClusterAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        return internalGetClusterAdmissionRules().getMap().containsKey(key);
+      }
+      /** Use {@link #getClusterAdmissionRulesMap()} instead. */
+      @java.lang.Override
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getClusterAdmissionRules() {
+        return getClusterAdmissionRulesMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getClusterAdmissionRulesMap() {
+        return internalGetClusterAdmissionRules().getMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getClusterAdmissionRulesOrDefault(
+              java.lang.String key,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  defaultValue) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetClusterAdmissionRules().getMap();
+        return map.containsKey(key) ? map.get(key) : defaultValue;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getClusterAdmissionRulesOrThrow(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetClusterAdmissionRules().getMap();
+        if (!map.containsKey(key)) {
+          throw new java.lang.IllegalArgumentException();
+        }
+        return map.get(key);
+      }
+
+      public Builder clearClusterAdmissionRules() {
+        internalGetMutableClusterAdmissionRules().getMutableMap().clear();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeClusterAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableClusterAdmissionRules().getMutableMap().remove(key);
+        return this;
+      }
+      /** Use alternate mutation accessors instead. */
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getMutableClusterAdmissionRules() {
+        return internalGetMutableClusterAdmissionRules().getMutableMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putClusterAdmissionRules(
+          java.lang.String key,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        if (value == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableClusterAdmissionRules().getMutableMap().put(key, value);
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-cluster admission rules. Cluster spec format:
+       * `location.clusterId`. There can be at most one admission rule per cluster
+       * spec.
+       * A `location` is either a compute zone (e.g. us-central1-a) or a region
+       * (e.g. us-central1).
+       * For `clusterId` syntax restrictions see
+       * https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putAllClusterAdmissionRules(
+          java.util.Map<
+                  java.lang.String,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+              values) {
+        internalGetMutableClusterAdmissionRules().getMutableMap().putAll(values);
+        return this;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          kubernetesNamespaceAdmissionRules_;
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetKubernetesNamespaceAdmissionRules() {
+        if (kubernetesNamespaceAdmissionRules_ == null) {
+          return com.google.protobuf.MapField.emptyMapField(
+              KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        return kubernetesNamespaceAdmissionRules_;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetMutableKubernetesNamespaceAdmissionRules() {
+        onChanged();
+        ;
+        if (kubernetesNamespaceAdmissionRules_ == null) {
+          kubernetesNamespaceAdmissionRules_ =
+              com.google.protobuf.MapField.newMapField(
+                  KubernetesNamespaceAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        if (!kubernetesNamespaceAdmissionRules_.isMutable()) {
+          kubernetesNamespaceAdmissionRules_ = kubernetesNamespaceAdmissionRules_.copy();
+        }
+        return kubernetesNamespaceAdmissionRules_;
+      }
+
+      public int getKubernetesNamespaceAdmissionRulesCount() {
+        return internalGetKubernetesNamespaceAdmissionRules().getMap().size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public boolean containsKubernetesNamespaceAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        return internalGetKubernetesNamespaceAdmissionRules().getMap().containsKey(key);
+      }
+      /** Use {@link #getKubernetesNamespaceAdmissionRulesMap()} instead. */
+      @java.lang.Override
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getKubernetesNamespaceAdmissionRules() {
+        return getKubernetesNamespaceAdmissionRulesMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getKubernetesNamespaceAdmissionRulesMap() {
+        return internalGetKubernetesNamespaceAdmissionRules().getMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getKubernetesNamespaceAdmissionRulesOrDefault(
+              java.lang.String key,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  defaultValue) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetKubernetesNamespaceAdmissionRules().getMap();
+        return map.containsKey(key) ? map.get(key) : defaultValue;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getKubernetesNamespaceAdmissionRulesOrThrow(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetKubernetesNamespaceAdmissionRules().getMap();
+        if (!map.containsKey(key)) {
+          throw new java.lang.IllegalArgumentException();
+        }
+        return map.get(key);
+      }
+
+      public Builder clearKubernetesNamespaceAdmissionRules() {
+        internalGetMutableKubernetesNamespaceAdmissionRules().getMutableMap().clear();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeKubernetesNamespaceAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableKubernetesNamespaceAdmissionRules().getMutableMap().remove(key);
+        return this;
+      }
+      /** Use alternate mutation accessors instead. */
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getMutableKubernetesNamespaceAdmissionRules() {
+        return internalGetMutableKubernetesNamespaceAdmissionRules().getMutableMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putKubernetesNamespaceAdmissionRules(
+          java.lang.String key,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        if (value == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableKubernetesNamespaceAdmissionRules().getMutableMap().put(key, value);
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+       * [a-z.-]+, e.g. 'some-namespace'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putAllKubernetesNamespaceAdmissionRules(
+          java.util.Map<
+                  java.lang.String,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+              values) {
+        internalGetMutableKubernetesNamespaceAdmissionRules().getMutableMap().putAll(values);
+        return this;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          kubernetesServiceAccountAdmissionRules_;
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetKubernetesServiceAccountAdmissionRules() {
+        if (kubernetesServiceAccountAdmissionRules_ == null) {
+          return com.google.protobuf.MapField.emptyMapField(
+              KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        return kubernetesServiceAccountAdmissionRules_;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetMutableKubernetesServiceAccountAdmissionRules() {
+        onChanged();
+        ;
+        if (kubernetesServiceAccountAdmissionRules_ == null) {
+          kubernetesServiceAccountAdmissionRules_ =
+              com.google.protobuf.MapField.newMapField(
+                  KubernetesServiceAccountAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        if (!kubernetesServiceAccountAdmissionRules_.isMutable()) {
+          kubernetesServiceAccountAdmissionRules_ = kubernetesServiceAccountAdmissionRules_.copy();
+        }
+        return kubernetesServiceAccountAdmissionRules_;
+      }
+
+      public int getKubernetesServiceAccountAdmissionRulesCount() {
+        return internalGetKubernetesServiceAccountAdmissionRules().getMap().size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public boolean containsKubernetesServiceAccountAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        return internalGetKubernetesServiceAccountAdmissionRules().getMap().containsKey(key);
+      }
+      /** Use {@link #getKubernetesServiceAccountAdmissionRulesMap()} instead. */
+      @java.lang.Override
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getKubernetesServiceAccountAdmissionRules() {
+        return getKubernetesServiceAccountAdmissionRulesMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getKubernetesServiceAccountAdmissionRulesMap() {
+        return internalGetKubernetesServiceAccountAdmissionRules().getMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getKubernetesServiceAccountAdmissionRulesOrDefault(
+              java.lang.String key,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  defaultValue) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetKubernetesServiceAccountAdmissionRules().getMap();
+        return map.containsKey(key) ? map.get(key) : defaultValue;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getKubernetesServiceAccountAdmissionRulesOrThrow(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetKubernetesServiceAccountAdmissionRules().getMap();
+        if (!map.containsKey(key)) {
+          throw new java.lang.IllegalArgumentException();
+        }
+        return map.get(key);
+      }
+
+      public Builder clearKubernetesServiceAccountAdmissionRules() {
+        internalGetMutableKubernetesServiceAccountAdmissionRules().getMutableMap().clear();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeKubernetesServiceAccountAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableKubernetesServiceAccountAdmissionRules().getMutableMap().remove(key);
+        return this;
+      }
+      /** Use alternate mutation accessors instead. */
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getMutableKubernetesServiceAccountAdmissionRules() {
+        return internalGetMutableKubernetesServiceAccountAdmissionRules().getMutableMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putKubernetesServiceAccountAdmissionRules(
+          java.lang.String key,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        if (value == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableKubernetesServiceAccountAdmissionRules().getMutableMap().put(key, value);
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-kubernetes-service-account admission rules. Service account
+       * spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putAllKubernetesServiceAccountAdmissionRules(
+          java.util.Map<
+                  java.lang.String,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+              values) {
+        internalGetMutableKubernetesServiceAccountAdmissionRules().getMutableMap().putAll(values);
+        return this;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          istioServiceIdentityAdmissionRules_;
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetIstioServiceIdentityAdmissionRules() {
+        if (istioServiceIdentityAdmissionRules_ == null) {
+          return com.google.protobuf.MapField.emptyMapField(
+              IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        return istioServiceIdentityAdmissionRules_;
+      }
+
+      private com.google.protobuf.MapField<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          internalGetMutableIstioServiceIdentityAdmissionRules() {
+        onChanged();
+        ;
+        if (istioServiceIdentityAdmissionRules_ == null) {
+          istioServiceIdentityAdmissionRules_ =
+              com.google.protobuf.MapField.newMapField(
+                  IstioServiceIdentityAdmissionRulesDefaultEntryHolder.defaultEntry);
+        }
+        if (!istioServiceIdentityAdmissionRules_.isMutable()) {
+          istioServiceIdentityAdmissionRules_ = istioServiceIdentityAdmissionRules_.copy();
+        }
+        return istioServiceIdentityAdmissionRules_;
+      }
+
+      public int getIstioServiceIdentityAdmissionRulesCount() {
+        return internalGetIstioServiceIdentityAdmissionRules().getMap().size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public boolean containsIstioServiceIdentityAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        return internalGetIstioServiceIdentityAdmissionRules().getMap().containsKey(key);
+      }
+      /** Use {@link #getIstioServiceIdentityAdmissionRulesMap()} instead. */
+      @java.lang.Override
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getIstioServiceIdentityAdmissionRules() {
+        return getIstioServiceIdentityAdmissionRulesMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getIstioServiceIdentityAdmissionRulesMap() {
+        return internalGetIstioServiceIdentityAdmissionRules().getMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getIstioServiceIdentityAdmissionRulesOrDefault(
+              java.lang.String key,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  defaultValue) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetIstioServiceIdentityAdmissionRules().getMap();
+        return map.containsKey(key) ? map.get(key) : defaultValue;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getIstioServiceIdentityAdmissionRulesOrThrow(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        java.util.Map<
+                java.lang.String,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+            map = internalGetIstioServiceIdentityAdmissionRules().getMap();
+        if (!map.containsKey(key)) {
+          throw new java.lang.IllegalArgumentException();
+        }
+        return map.get(key);
+      }
+
+      public Builder clearIstioServiceIdentityAdmissionRules() {
+        internalGetMutableIstioServiceIdentityAdmissionRules().getMutableMap().clear();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeIstioServiceIdentityAdmissionRules(java.lang.String key) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableIstioServiceIdentityAdmissionRules().getMutableMap().remove(key);
+        return this;
+      }
+      /** Use alternate mutation accessors instead. */
+      @java.lang.Deprecated
+      public java.util.Map<
+              java.lang.String,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+          getMutableIstioServiceIdentityAdmissionRules() {
+        return internalGetMutableIstioServiceIdentityAdmissionRules().getMutableMap();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putIstioServiceIdentityAdmissionRules(
+          java.lang.String key,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (key == null) {
+          throw new java.lang.NullPointerException();
+        }
+        if (value == null) {
+          throw new java.lang.NullPointerException();
+        }
+        internalGetMutableIstioServiceIdentityAdmissionRules().getMutableMap().put(key, value);
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Per-istio-service-identity admission rules. Istio service
+       * identity spec format:
+       * spiffe://&lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt; or
+       * &lt;domain&gt;/ns/&lt;namespace&gt;/sa/&lt;serviceaccount&gt;
+       * e.g. spiffe://example.com/ns/test-ns/sa/default
+       * </pre>
+       *
+       * <code>
+       * map&lt;string, .google.cloud.binaryauthorization.v1.AdmissionRule&gt; istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder putAllIstioServiceIdentityAdmissionRules(
+          java.util.Map<
+                  java.lang.String,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule>
+              values) {
+        internalGetMutableIstioServiceIdentityAdmissionRules().getMutableMap().putAll(values);
+        return this;
+      }
+
+      private com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          defaultAdmissionRule_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionRuleOrBuilder>
+          defaultAdmissionRuleBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the defaultAdmissionRule field is set.
+       */
+      public boolean hasDefaultAdmissionRule() {
+        return defaultAdmissionRuleBuilder_ != null || defaultAdmissionRule_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The defaultAdmissionRule.
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getDefaultAdmissionRule() {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          return defaultAdmissionRule_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .getDefaultInstance()
+              : defaultAdmissionRule_;
+        } else {
+          return defaultAdmissionRuleBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setDefaultAdmissionRule(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          defaultAdmissionRule_ = value;
+          onChanged();
+        } else {
+          defaultAdmissionRuleBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setDefaultAdmissionRule(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.Builder
+              builderForValue) {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          defaultAdmissionRule_ = builderForValue.build();
+          onChanged();
+        } else {
+          defaultAdmissionRuleBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergeDefaultAdmissionRule(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule value) {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          if (defaultAdmissionRule_ != null) {
+            defaultAdmissionRule_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                    .newBuilder(defaultAdmissionRule_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            defaultAdmissionRule_ = value;
+          }
+          onChanged();
+        } else {
+          defaultAdmissionRuleBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearDefaultAdmissionRule() {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          defaultAdmissionRule_ = null;
+          onChanged();
+        } else {
+          defaultAdmissionRule_ = null;
+          defaultAdmissionRuleBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.Builder
+          getDefaultAdmissionRuleBuilder() {
+
+        onChanged();
+        return getDefaultAdmissionRuleFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRuleOrBuilder
+          getDefaultAdmissionRuleOrBuilder() {
+        if (defaultAdmissionRuleBuilder_ != null) {
+          return defaultAdmissionRuleBuilder_.getMessageOrBuilder();
+        } else {
+          return defaultAdmissionRule_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .getDefaultInstance()
+              : defaultAdmissionRule_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Default admission rule for a cluster without a per-cluster, per-
+       * kubernetes-service-account, or per-istio-service-identity admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionRuleOrBuilder>
+          getDefaultAdmissionRuleFieldBuilder() {
+        if (defaultAdmissionRuleBuilder_ == null) {
+          defaultAdmissionRuleBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                      .Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionRuleOrBuilder>(
+                  getDefaultAdmissionRule(), getParentForChildren(), isClean());
+          defaultAdmissionRule_ = null;
+        }
+        return defaultAdmissionRuleBuilder_;
+      }
+
+      private com.google.protobuf.Timestamp updateTime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          updateTimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return Whether the updateTime field is set.
+       */
+      public boolean hasUpdateTime() {
+        return updateTimeBuilder_ != null || updateTime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return The updateTime.
+       */
+      public com.google.protobuf.Timestamp getUpdateTime() {
+        if (updateTimeBuilder_ == null) {
+          return updateTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : updateTime_;
+        } else {
+          return updateTimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+        if (updateTimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          updateTime_ = value;
+          onChanged();
+        } else {
+          updateTimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = builderForValue.build();
+          onChanged();
+        } else {
+          updateTimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+        if (updateTimeBuilder_ == null) {
+          if (updateTime_ != null) {
+            updateTime_ =
+                com.google.protobuf.Timestamp.newBuilder(updateTime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            updateTime_ = value;
+          }
+          onChanged();
+        } else {
+          updateTimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder clearUpdateTime() {
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = null;
+          onChanged();
+        } else {
+          updateTime_ = null;
+          updateTimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+        onChanged();
+        return getUpdateTimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+        if (updateTimeBuilder_ != null) {
+          return updateTimeBuilder_.getMessageOrBuilder();
+        } else {
+          return updateTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : updateTime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the policy was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          getUpdateTimeFieldBuilder() {
+        if (updateTimeBuilder_ == null) {
+          updateTimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Timestamp,
+                  com.google.protobuf.Timestamp.Builder,
+                  com.google.protobuf.TimestampOrBuilder>(
+                  getUpdateTime(), getParentForChildren(), isClean());
+          updateTime_ = null;
+        }
+        return updateTimeBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.Policy)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.Policy)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<Policy> PARSER =
+        new com.google.protobuf.AbstractParser<Policy>() {
+          @java.lang.Override
+          public Policy parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new Policy(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<Policy> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<Policy> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface AdmissionWhitelistPatternOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * An image name pattern to allowlist, in the form `registry/path/to/image`.
+     * This supports a trailing `*` wildcard, but this is allowed only in
+     * text after the `registry/` part. This also supports a trailing `**`
+     * wildcard which matches subdirectories of a given entry.
+     * </pre>
+     *
+     * <code>string name_pattern = 1;</code>
+     *
+     * @return The namePattern.
+     */
+    java.lang.String getNamePattern();
+    /**
+     *
+     *
+     * <pre>
+     * An image name pattern to allowlist, in the form `registry/path/to/image`.
+     * This supports a trailing `*` wildcard, but this is allowed only in
+     * text after the `registry/` part. This also supports a trailing `**`
+     * wildcard which matches subdirectories of a given entry.
+     * </pre>
+     *
+     * <code>string name_pattern = 1;</code>
+     *
+     * @return The bytes for namePattern.
+     */
+    com.google.protobuf.ByteString getNamePatternBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images
+   * from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern}
+   */
+  public static final class AdmissionWhitelistPattern extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern)
+      AdmissionWhitelistPatternOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use AdmissionWhitelistPattern.newBuilder() to construct.
+    private AdmissionWhitelistPattern(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private AdmissionWhitelistPattern() {
+      namePattern_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new AdmissionWhitelistPattern();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private AdmissionWhitelistPattern(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                namePattern_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AdmissionWhitelistPattern.Builder.class);
+    }
+
+    public static final int NAME_PATTERN_FIELD_NUMBER = 1;
+    private volatile java.lang.Object namePattern_;
+    /**
+     *
+     *
+     * <pre>
+     * An image name pattern to allowlist, in the form `registry/path/to/image`.
+     * This supports a trailing `*` wildcard, but this is allowed only in
+     * text after the `registry/` part. This also supports a trailing `**`
+     * wildcard which matches subdirectories of a given entry.
+     * </pre>
+     *
+     * <code>string name_pattern = 1;</code>
+     *
+     * @return The namePattern.
+     */
+    @java.lang.Override
+    public java.lang.String getNamePattern() {
+      java.lang.Object ref = namePattern_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        namePattern_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An image name pattern to allowlist, in the form `registry/path/to/image`.
+     * This supports a trailing `*` wildcard, but this is allowed only in
+     * text after the `registry/` part. This also supports a trailing `**`
+     * wildcard which matches subdirectories of a given entry.
+     * </pre>
+     *
+     * <code>string name_pattern = 1;</code>
+     *
+     * @return The bytes for namePattern.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNamePatternBytes() {
+      java.lang.Object ref = namePattern_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        namePattern_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNamePatternBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, namePattern_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNamePatternBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, namePattern_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+          other =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern)
+                  obj;
+
+      if (!getNamePattern().equals(other.getNamePattern())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_PATTERN_FIELD_NUMBER;
+      hash = (53 * hash) + getNamePattern().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images
+     * from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPatternOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPattern.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPattern.Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        namePattern_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+            result =
+                new com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AdmissionWhitelistPattern(this);
+        result.namePattern_ = namePattern_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .AdmissionWhitelistPattern) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .AdmissionWhitelistPattern.getDefaultInstance()) return this;
+        if (!other.getNamePattern().isEmpty()) {
+          namePattern_ = other.namePattern_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AdmissionWhitelistPattern)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object namePattern_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * An image name pattern to allowlist, in the form `registry/path/to/image`.
+       * This supports a trailing `*` wildcard, but this is allowed only in
+       * text after the `registry/` part. This also supports a trailing `**`
+       * wildcard which matches subdirectories of a given entry.
+       * </pre>
+       *
+       * <code>string name_pattern = 1;</code>
+       *
+       * @return The namePattern.
+       */
+      public java.lang.String getNamePattern() {
+        java.lang.Object ref = namePattern_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          namePattern_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * An image name pattern to allowlist, in the form `registry/path/to/image`.
+       * This supports a trailing `*` wildcard, but this is allowed only in
+       * text after the `registry/` part. This also supports a trailing `**`
+       * wildcard which matches subdirectories of a given entry.
+       * </pre>
+       *
+       * <code>string name_pattern = 1;</code>
+       *
+       * @return The bytes for namePattern.
+       */
+      public com.google.protobuf.ByteString getNamePatternBytes() {
+        java.lang.Object ref = namePattern_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          namePattern_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * An image name pattern to allowlist, in the form `registry/path/to/image`.
+       * This supports a trailing `*` wildcard, but this is allowed only in
+       * text after the `registry/` part. This also supports a trailing `**`
+       * wildcard which matches subdirectories of a given entry.
+       * </pre>
+       *
+       * <code>string name_pattern = 1;</code>
+       *
+       * @param value The namePattern to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNamePattern(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        namePattern_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * An image name pattern to allowlist, in the form `registry/path/to/image`.
+       * This supports a trailing `*` wildcard, but this is allowed only in
+       * text after the `registry/` part. This also supports a trailing `**`
+       * wildcard which matches subdirectories of a given entry.
+       * </pre>
+       *
+       * <code>string name_pattern = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearNamePattern() {
+
+        namePattern_ = getDefaultInstance().getNamePattern();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * An image name pattern to allowlist, in the form `registry/path/to/image`.
+       * This supports a trailing `*` wildcard, but this is allowed only in
+       * text after the `registry/` part. This also supports a trailing `**`
+       * wildcard which matches subdirectories of a given entry.
+       * </pre>
+       *
+       * <code>string name_pattern = 1;</code>
+       *
+       * @param value The bytes for namePattern to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNamePatternBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        namePattern_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AdmissionWhitelistPattern();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionWhitelistPattern
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<AdmissionWhitelistPattern> PARSER =
+        new com.google.protobuf.AbstractParser<AdmissionWhitelistPattern>() {
+          @java.lang.Override
+          public AdmissionWhitelistPattern parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new AdmissionWhitelistPattern(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<AdmissionWhitelistPattern> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<AdmissionWhitelistPattern> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface AdmissionRuleOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.AdmissionRule)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. How this admission rule will be evaluated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for evaluationMode.
+     */
+    int getEvaluationModeValue();
+    /**
+     *
+     *
+     * <pre>
+     * Required. How this admission rule will be evaluated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The evaluationMode.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.EvaluationMode
+        getEvaluationMode();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return A list containing the requireAttestationsBy.
+     */
+    java.util.List<java.lang.String> getRequireAttestationsByList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The count of requireAttestationsBy.
+     */
+    int getRequireAttestationsByCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the element to return.
+     * @return The requireAttestationsBy at the given index.
+     */
+    java.lang.String getRequireAttestationsBy(int index);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the requireAttestationsBy at the given index.
+     */
+    com.google.protobuf.ByteString getRequireAttestationsByBytes(int index);
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The action when a pod creation is denied by the admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for enforcementMode.
+     */
+    int getEnforcementModeValue();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The action when a pod creation is denied by the admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enforcementMode.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.EnforcementMode
+        getEnforcementMode();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images
+   * used in a pod creation request must be attested to by one or more
+   * [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all
+   * pod creations will be denied.
+   * Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
+   * are exempted from admission rules and will never block a pod creation.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.AdmissionRule}
+   */
+  public static final class AdmissionRule extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.AdmissionRule)
+      AdmissionRuleOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use AdmissionRule.newBuilder() to construct.
+    private AdmissionRule(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private AdmissionRule() {
+      evaluationMode_ = 0;
+      requireAttestationsBy_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      enforcementMode_ = 0;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new AdmissionRule();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private AdmissionRule(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                int rawValue = input.readEnum();
+
+                evaluationMode_ = rawValue;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  requireAttestationsBy_ = new com.google.protobuf.LazyStringArrayList();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                requireAttestationsBy_.add(s);
+                break;
+              }
+            case 24:
+              {
+                int rawValue = input.readEnum();
+
+                enforcementMode_ = rawValue;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          requireAttestationsBy_ = requireAttestationsBy_.getUnmodifiableView();
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.Builder
+                  .class);
+    }
+
+    /** Protobuf enum {@code google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode} */
+    public enum EvaluationMode implements com.google.protobuf.ProtocolMessageEnum {
+      /**
+       *
+       *
+       * <pre>
+       * Do not use.
+       * </pre>
+       *
+       * <code>EVALUATION_MODE_UNSPECIFIED = 0;</code>
+       */
+      EVALUATION_MODE_UNSPECIFIED(0),
+      /**
+       *
+       *
+       * <pre>
+       * This rule allows all all pod creations.
+       * </pre>
+       *
+       * <code>ALWAYS_ALLOW = 1;</code>
+       */
+      ALWAYS_ALLOW(1),
+      /**
+       *
+       *
+       * <pre>
+       * This rule allows a pod creation if all the attestors listed in
+       * 'require_attestations_by' have valid attestations for all of the
+       * images in the pod spec.
+       * </pre>
+       *
+       * <code>REQUIRE_ATTESTATION = 2;</code>
+       */
+      REQUIRE_ATTESTATION(2),
+      /**
+       *
+       *
+       * <pre>
+       * This rule denies all pod creations.
+       * </pre>
+       *
+       * <code>ALWAYS_DENY = 3;</code>
+       */
+      ALWAYS_DENY(3),
+      UNRECOGNIZED(-1),
+      ;
+
+      /**
+       *
+       *
+       * <pre>
+       * Do not use.
+       * </pre>
+       *
+       * <code>EVALUATION_MODE_UNSPECIFIED = 0;</code>
+       */
+      public static final int EVALUATION_MODE_UNSPECIFIED_VALUE = 0;
+      /**
+       *
+       *
+       * <pre>
+       * This rule allows all all pod creations.
+       * </pre>
+       *
+       * <code>ALWAYS_ALLOW = 1;</code>
+       */
+      public static final int ALWAYS_ALLOW_VALUE = 1;
+      /**
+       *
+       *
+       * <pre>
+       * This rule allows a pod creation if all the attestors listed in
+       * 'require_attestations_by' have valid attestations for all of the
+       * images in the pod spec.
+       * </pre>
+       *
+       * <code>REQUIRE_ATTESTATION = 2;</code>
+       */
+      public static final int REQUIRE_ATTESTATION_VALUE = 2;
+      /**
+       *
+       *
+       * <pre>
+       * This rule denies all pod creations.
+       * </pre>
+       *
+       * <code>ALWAYS_DENY = 3;</code>
+       */
+      public static final int ALWAYS_DENY_VALUE = 3;
+
+      public final int getNumber() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalArgumentException(
+              "Can't get the number of an unknown enum value.");
+        }
+        return value;
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static EvaluationMode valueOf(int value) {
+        return forNumber(value);
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       */
+      public static EvaluationMode forNumber(int value) {
+        switch (value) {
+          case 0:
+            return EVALUATION_MODE_UNSPECIFIED;
+          case 1:
+            return ALWAYS_ALLOW;
+          case 2:
+            return REQUIRE_ATTESTATION;
+          case 3:
+            return ALWAYS_DENY;
+          default:
+            return null;
+        }
+      }
+
+      public static com.google.protobuf.Internal.EnumLiteMap<EvaluationMode> internalGetValueMap() {
+        return internalValueMap;
+      }
+
+      private static final com.google.protobuf.Internal.EnumLiteMap<EvaluationMode>
+          internalValueMap =
+              new com.google.protobuf.Internal.EnumLiteMap<EvaluationMode>() {
+                public EvaluationMode findValueByNumber(int number) {
+                  return EvaluationMode.forNumber(number);
+                }
+              };
+
+      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalStateException(
+              "Can't get the descriptor of an unrecognized enum value.");
+        }
+        return getDescriptor().getValues().get(ordinal());
+      }
+
+      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+        return getDescriptor();
+      }
+
+      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            .getDescriptor()
+            .getEnumTypes()
+            .get(0);
+      }
+
+      private static final EvaluationMode[] VALUES = values();
+
+      public static EvaluationMode valueOf(
+          com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+        if (desc.getType() != getDescriptor()) {
+          throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+        }
+        if (desc.getIndex() == -1) {
+          return UNRECOGNIZED;
+        }
+        return VALUES[desc.getIndex()];
+      }
+
+      private final int value;
+
+      private EvaluationMode(int value) {
+        this.value = value;
+      }
+
+      // @@protoc_insertion_point(enum_scope:google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode)
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Defines the possible actions when a pod creation is denied by an admission
+     * rule.
+     * </pre>
+     *
+     * Protobuf enum {@code google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode}
+     */
+    public enum EnforcementMode implements com.google.protobuf.ProtocolMessageEnum {
+      /**
+       *
+       *
+       * <pre>
+       * Do not use.
+       * </pre>
+       *
+       * <code>ENFORCEMENT_MODE_UNSPECIFIED = 0;</code>
+       */
+      ENFORCEMENT_MODE_UNSPECIFIED(0),
+      /**
+       *
+       *
+       * <pre>
+       * Enforce the admission rule by blocking the pod creation.
+       * </pre>
+       *
+       * <code>ENFORCED_BLOCK_AND_AUDIT_LOG = 1;</code>
+       */
+      ENFORCED_BLOCK_AND_AUDIT_LOG(1),
+      /**
+       *
+       *
+       * <pre>
+       * Dryrun mode: Audit logging only.  This will allow the pod creation as if
+       * the admission request had specified break-glass.
+       * </pre>
+       *
+       * <code>DRYRUN_AUDIT_LOG_ONLY = 2;</code>
+       */
+      DRYRUN_AUDIT_LOG_ONLY(2),
+      UNRECOGNIZED(-1),
+      ;
+
+      /**
+       *
+       *
+       * <pre>
+       * Do not use.
+       * </pre>
+       *
+       * <code>ENFORCEMENT_MODE_UNSPECIFIED = 0;</code>
+       */
+      public static final int ENFORCEMENT_MODE_UNSPECIFIED_VALUE = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Enforce the admission rule by blocking the pod creation.
+       * </pre>
+       *
+       * <code>ENFORCED_BLOCK_AND_AUDIT_LOG = 1;</code>
+       */
+      public static final int ENFORCED_BLOCK_AND_AUDIT_LOG_VALUE = 1;
+      /**
+       *
+       *
+       * <pre>
+       * Dryrun mode: Audit logging only.  This will allow the pod creation as if
+       * the admission request had specified break-glass.
+       * </pre>
+       *
+       * <code>DRYRUN_AUDIT_LOG_ONLY = 2;</code>
+       */
+      public static final int DRYRUN_AUDIT_LOG_ONLY_VALUE = 2;
+
+      public final int getNumber() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalArgumentException(
+              "Can't get the number of an unknown enum value.");
+        }
+        return value;
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static EnforcementMode valueOf(int value) {
+        return forNumber(value);
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       */
+      public static EnforcementMode forNumber(int value) {
+        switch (value) {
+          case 0:
+            return ENFORCEMENT_MODE_UNSPECIFIED;
+          case 1:
+            return ENFORCED_BLOCK_AND_AUDIT_LOG;
+          case 2:
+            return DRYRUN_AUDIT_LOG_ONLY;
+          default:
+            return null;
+        }
+      }
+
+      public static com.google.protobuf.Internal.EnumLiteMap<EnforcementMode>
+          internalGetValueMap() {
+        return internalValueMap;
+      }
+
+      private static final com.google.protobuf.Internal.EnumLiteMap<EnforcementMode>
+          internalValueMap =
+              new com.google.protobuf.Internal.EnumLiteMap<EnforcementMode>() {
+                public EnforcementMode findValueByNumber(int number) {
+                  return EnforcementMode.forNumber(number);
+                }
+              };
+
+      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalStateException(
+              "Can't get the descriptor of an unrecognized enum value.");
+        }
+        return getDescriptor().getValues().get(ordinal());
+      }
+
+      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+        return getDescriptor();
+      }
+
+      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            .getDescriptor()
+            .getEnumTypes()
+            .get(1);
+      }
+
+      private static final EnforcementMode[] VALUES = values();
+
+      public static EnforcementMode valueOf(
+          com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+        if (desc.getType() != getDescriptor()) {
+          throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+        }
+        if (desc.getIndex() == -1) {
+          return UNRECOGNIZED;
+        }
+        return VALUES[desc.getIndex()];
+      }
+
+      private final int value;
+
+      private EnforcementMode(int value) {
+        this.value = value;
+      }
+
+      // @@protoc_insertion_point(enum_scope:google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode)
+    }
+
+    public static final int EVALUATION_MODE_FIELD_NUMBER = 1;
+    private int evaluationMode_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. How this admission rule will be evaluated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for evaluationMode.
+     */
+    @java.lang.Override
+    public int getEvaluationModeValue() {
+      return evaluationMode_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. How this admission rule will be evaluated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The evaluationMode.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            .EvaluationMode
+        getEvaluationMode() {
+      @SuppressWarnings("deprecation")
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.EvaluationMode
+          result =
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .EvaluationMode.valueOf(evaluationMode_);
+      return result == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EvaluationMode.UNRECOGNIZED
+          : result;
+    }
+
+    public static final int REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER = 2;
+    private com.google.protobuf.LazyStringList requireAttestationsBy_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return A list containing the requireAttestationsBy.
+     */
+    public com.google.protobuf.ProtocolStringList getRequireAttestationsByList() {
+      return requireAttestationsBy_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The count of requireAttestationsBy.
+     */
+    public int getRequireAttestationsByCount() {
+      return requireAttestationsBy_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the element to return.
+     * @return The requireAttestationsBy at the given index.
+     */
+    public java.lang.String getRequireAttestationsBy(int index) {
+      return requireAttestationsBy_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource names of the attestors that must attest to
+     * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+     * attestor must exist before a policy can reference it.  To add an attestor
+     * to a policy the principal issuing the policy change request must be able
+     * to read the attestor resource.
+     * Note: this field must be non-empty when the evaluation_mode field specifies
+     * REQUIRE_ATTESTATION, otherwise it must be empty.
+     * </pre>
+     *
+     * <code>repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the requireAttestationsBy at the given index.
+     */
+    public com.google.protobuf.ByteString getRequireAttestationsByBytes(int index) {
+      return requireAttestationsBy_.getByteString(index);
+    }
+
+    public static final int ENFORCEMENT_MODE_FIELD_NUMBER = 3;
+    private int enforcementMode_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The action when a pod creation is denied by the admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for enforcementMode.
+     */
+    @java.lang.Override
+    public int getEnforcementModeValue() {
+      return enforcementMode_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The action when a pod creation is denied by the admission rule.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enforcementMode.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            .EnforcementMode
+        getEnforcementMode() {
+      @SuppressWarnings("deprecation")
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.EnforcementMode
+          result =
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .EnforcementMode.valueOf(enforcementMode_);
+      return result == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EnforcementMode.UNRECOGNIZED
+          : result;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (evaluationMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EvaluationMode.EVALUATION_MODE_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(1, evaluationMode_);
+      }
+      for (int i = 0; i < requireAttestationsBy_.size(); i++) {
+        com.google.protobuf.GeneratedMessageV3.writeString(
+            output, 2, requireAttestationsBy_.getRaw(i));
+      }
+      if (enforcementMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EnforcementMode.ENFORCEMENT_MODE_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(3, enforcementMode_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (evaluationMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EvaluationMode.EVALUATION_MODE_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(1, evaluationMode_);
+      }
+      {
+        int dataSize = 0;
+        for (int i = 0; i < requireAttestationsBy_.size(); i++) {
+          dataSize += computeStringSizeNoTag(requireAttestationsBy_.getRaw(i));
+        }
+        size += dataSize;
+        size += 1 * getRequireAttestationsByList().size();
+      }
+      if (enforcementMode_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EnforcementMode.ENFORCEMENT_MODE_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(3, enforcementMode_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule) obj;
+
+      if (evaluationMode_ != other.evaluationMode_) return false;
+      if (!getRequireAttestationsByList().equals(other.getRequireAttestationsByList()))
+        return false;
+      if (enforcementMode_ != other.enforcementMode_) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + EVALUATION_MODE_FIELD_NUMBER;
+      hash = (53 * hash) + evaluationMode_;
+      if (getRequireAttestationsByCount() > 0) {
+        hash = (37 * hash) + REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER;
+        hash = (53 * hash) + getRequireAttestationsByList().hashCode();
+      }
+      hash = (37 * hash) + ENFORCEMENT_MODE_FIELD_NUMBER;
+      hash = (53 * hash) + enforcementMode_;
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images
+     * used in a pod creation request must be attested to by one or more
+     * [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all
+     * pod creations will be denied.
+     * Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
+     * are exempted from admission rules and will never block a pod creation.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.AdmissionRule}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.AdmissionRule)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRuleOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        evaluationMode_ = 0;
+
+        requireAttestationsBy_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        enforcementMode_ = 0;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule(this);
+        int from_bitField0_ = bitField0_;
+        result.evaluationMode_ = evaluationMode_;
+        if (((bitField0_ & 0x00000001) != 0)) {
+          requireAttestationsBy_ = requireAttestationsBy_.getUnmodifiableView();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.requireAttestationsBy_ = requireAttestationsBy_;
+        result.enforcementMode_ = enforcementMode_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                .getDefaultInstance()) return this;
+        if (other.evaluationMode_ != 0) {
+          setEvaluationModeValue(other.getEvaluationModeValue());
+        }
+        if (!other.requireAttestationsBy_.isEmpty()) {
+          if (requireAttestationsBy_.isEmpty()) {
+            requireAttestationsBy_ = other.requireAttestationsBy_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureRequireAttestationsByIsMutable();
+            requireAttestationsBy_.addAll(other.requireAttestationsBy_);
+          }
+          onChanged();
+        }
+        if (other.enforcementMode_ != 0) {
+          setEnforcementModeValue(other.getEnforcementModeValue());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private int evaluationMode_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Required. How this admission rule will be evaluated.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The enum numeric value on the wire for evaluationMode.
+       */
+      @java.lang.Override
+      public int getEvaluationModeValue() {
+        return evaluationMode_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. How this admission rule will be evaluated.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for evaluationMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEvaluationModeValue(int value) {
+
+        evaluationMode_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. How this admission rule will be evaluated.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The evaluationMode.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EvaluationMode
+          getEvaluationMode() {
+        @SuppressWarnings("deprecation")
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule.EvaluationMode
+            result =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                    .EvaluationMode.valueOf(evaluationMode_);
+        return result == null
+            ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                .EvaluationMode.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. How this admission rule will be evaluated.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The evaluationMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEvaluationMode(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .EvaluationMode
+              value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        evaluationMode_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. How this admission rule will be evaluated.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearEvaluationMode() {
+
+        evaluationMode_ = 0;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.LazyStringList requireAttestationsBy_ =
+          com.google.protobuf.LazyStringArrayList.EMPTY;
+
+      private void ensureRequireAttestationsByIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          requireAttestationsBy_ =
+              new com.google.protobuf.LazyStringArrayList(requireAttestationsBy_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return A list containing the requireAttestationsBy.
+       */
+      public com.google.protobuf.ProtocolStringList getRequireAttestationsByList() {
+        return requireAttestationsBy_.getUnmodifiableView();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The count of requireAttestationsBy.
+       */
+      public int getRequireAttestationsByCount() {
+        return requireAttestationsBy_.size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param index The index of the element to return.
+       * @return The requireAttestationsBy at the given index.
+       */
+      public java.lang.String getRequireAttestationsBy(int index) {
+        return requireAttestationsBy_.get(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param index The index of the value to return.
+       * @return The bytes of the requireAttestationsBy at the given index.
+       */
+      public com.google.protobuf.ByteString getRequireAttestationsByBytes(int index) {
+        return requireAttestationsBy_.getByteString(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param index The index to set the value at.
+       * @param value The requireAttestationsBy to set.
+       * @return This builder for chaining.
+       */
+      public Builder setRequireAttestationsBy(int index, java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureRequireAttestationsByIsMutable();
+        requireAttestationsBy_.set(index, value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param value The requireAttestationsBy to add.
+       * @return This builder for chaining.
+       */
+      public Builder addRequireAttestationsBy(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureRequireAttestationsByIsMutable();
+        requireAttestationsBy_.add(value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param values The requireAttestationsBy to add.
+       * @return This builder for chaining.
+       */
+      public Builder addAllRequireAttestationsBy(java.lang.Iterable<java.lang.String> values) {
+        ensureRequireAttestationsByIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, requireAttestationsBy_);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearRequireAttestationsBy() {
+        requireAttestationsBy_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The resource names of the attestors that must attest to
+       * a container image, in the format `projects/&#42;&#47;attestors/&#42;`. Each
+       * attestor must exist before a policy can reference it.  To add an attestor
+       * to a policy the principal issuing the policy change request must be able
+       * to read the attestor resource.
+       * Note: this field must be non-empty when the evaluation_mode field specifies
+       * REQUIRE_ATTESTATION, otherwise it must be empty.
+       * </pre>
+       *
+       * <code>
+       * repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @param value The bytes of the requireAttestationsBy to add.
+       * @return This builder for chaining.
+       */
+      public Builder addRequireAttestationsByBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        ensureRequireAttestationsByIsMutable();
+        requireAttestationsBy_.add(value);
+        onChanged();
+        return this;
+      }
+
+      private int enforcementMode_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Required. The action when a pod creation is denied by the admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The enum numeric value on the wire for enforcementMode.
+       */
+      @java.lang.Override
+      public int getEnforcementModeValue() {
+        return enforcementMode_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The action when a pod creation is denied by the admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for enforcementMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEnforcementModeValue(int value) {
+
+        enforcementMode_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The action when a pod creation is denied by the admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The enforcementMode.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+              .EnforcementMode
+          getEnforcementMode() {
+        @SuppressWarnings("deprecation")
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                .EnforcementMode
+            result =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                    .EnforcementMode.valueOf(enforcementMode_);
+        return result == null
+            ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                .EnforcementMode.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The action when a pod creation is denied by the admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The enforcementMode to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEnforcementMode(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+                  .EnforcementMode
+              value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        enforcementMode_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The action when a pod creation is denied by the admission rule.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearEnforcementMode() {
+
+        enforcementMode_ = 0;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.AdmissionRule)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.AdmissionRule)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AdmissionRule
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<AdmissionRule> PARSER =
+        new com.google.protobuf.AbstractParser<AdmissionRule>() {
+          @java.lang.Override
+          public AdmissionRule parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new AdmissionRule(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<AdmissionRule> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<AdmissionRule> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionRule
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface AttestorOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.Attestor)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format:
+     * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format:
+     * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.  This field may be updated.
+     * The field may be displayed in chooser dialogs.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The description.
+     */
+    java.lang.String getDescription();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.  This field may be updated.
+     * The field may be displayed in chooser dialogs.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for description.
+     */
+    com.google.protobuf.ByteString getDescriptionBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     *
+     * @return Whether the userOwnedGrafeasNote field is set.
+     */
+    boolean hasUserOwnedGrafeasNote();
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     *
+     * @return The userOwnedGrafeasNote.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+        getUserOwnedGrafeasNote();
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNoteOrBuilder
+        getUserOwnedGrafeasNoteOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    boolean hasUpdateTime();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    com.google.protobuf.Timestamp getUpdateTime();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.AttestorTypeCase
+        getAttestorTypeCase();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+   * artifacts. An existing attestor cannot be modified except where
+   * indicated.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.Attestor}
+   */
+  public static final class Attestor extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.Attestor)
+      AttestorOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use Attestor.newBuilder() to construct.
+    private Attestor(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private Attestor() {
+      name_ = "";
+      description_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new Attestor();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private Attestor(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            case 26:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                        .Builder
+                    subBuilder = null;
+                if (attestorTypeCase_ == 3) {
+                  subBuilder =
+                      ((com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                  .UserOwnedGrafeasNote)
+                              attestorType_)
+                          .toBuilder();
+                }
+                attestorType_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .UserOwnedGrafeasNote.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(
+                      (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .UserOwnedGrafeasNote)
+                          attestorType_);
+                  attestorType_ = subBuilder.buildPartial();
+                }
+                attestorTypeCase_ = 3;
+                break;
+              }
+            case 34:
+              {
+                com.google.protobuf.Timestamp.Builder subBuilder = null;
+                if (updateTime_ != null) {
+                  subBuilder = updateTime_.toBuilder();
+                }
+                updateTime_ =
+                    input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(updateTime_);
+                  updateTime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 50:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                description_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_Attestor_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+                  .class);
+    }
+
+    private int attestorTypeCase_ = 0;
+    private java.lang.Object attestorType_;
+
+    public enum AttestorTypeCase
+        implements
+            com.google.protobuf.Internal.EnumLite,
+            com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+      USER_OWNED_GRAFEAS_NOTE(3),
+      ATTESTORTYPE_NOT_SET(0);
+      private final int value;
+
+      private AttestorTypeCase(int value) {
+        this.value = value;
+      }
+      /**
+       * @param value The number of the enum to look for.
+       * @return The enum associated with the given number.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static AttestorTypeCase valueOf(int value) {
+        return forNumber(value);
+      }
+
+      public static AttestorTypeCase forNumber(int value) {
+        switch (value) {
+          case 3:
+            return USER_OWNED_GRAFEAS_NOTE;
+          case 0:
+            return ATTESTORTYPE_NOT_SET;
+          default:
+            return null;
+        }
+      }
+
+      public int getNumber() {
+        return this.value;
+      }
+    };
+
+    public AttestorTypeCase getAttestorTypeCase() {
+      return AttestorTypeCase.forNumber(attestorTypeCase_);
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format:
+     * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format:
+     * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int DESCRIPTION_FIELD_NUMBER = 6;
+    private volatile java.lang.Object description_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.  This field may be updated.
+     * The field may be displayed in chooser dialogs.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The description.
+     */
+    @java.lang.Override
+    public java.lang.String getDescription() {
+      java.lang.Object ref = description_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        description_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment.  This field may be updated.
+     * The field may be displayed in chooser dialogs.
+     * </pre>
+     *
+     * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for description.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getDescriptionBytes() {
+      java.lang.Object ref = description_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        description_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int USER_OWNED_GRAFEAS_NOTE_FIELD_NUMBER = 3;
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     *
+     * @return Whether the userOwnedGrafeasNote field is set.
+     */
+    @java.lang.Override
+    public boolean hasUserOwnedGrafeasNote() {
+      return attestorTypeCase_ == 3;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     *
+     * @return The userOwnedGrafeasNote.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+        getUserOwnedGrafeasNote() {
+      if (attestorTypeCase_ == 3) {
+        return (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .UserOwnedGrafeasNote)
+            attestorType_;
+      }
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          .getDefaultInstance();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * This specifies how an attestation will be read, and how it will be used
+     * during policy enforcement.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNoteOrBuilder
+        getUserOwnedGrafeasNoteOrBuilder() {
+      if (attestorTypeCase_ == 3) {
+        return (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                .UserOwnedGrafeasNote)
+            attestorType_;
+      }
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          .getDefaultInstance();
+    }
+
+    public static final int UPDATE_TIME_FIELD_NUMBER = 4;
+    private com.google.protobuf.Timestamp updateTime_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    @java.lang.Override
+    public boolean hasUpdateTime() {
+      return updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Time when the attestor was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      return getUpdateTime();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      if (attestorTypeCase_ == 3) {
+        output.writeMessage(
+            3,
+            (com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote)
+                attestorType_);
+      }
+      if (updateTime_ != null) {
+        output.writeMessage(4, getUpdateTime());
+      }
+      if (!getDescriptionBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 6, description_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      if (attestorTypeCase_ == 3) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                3,
+                (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                        .UserOwnedGrafeasNote)
+                    attestorType_);
+      }
+      if (updateTime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getUpdateTime());
+      }
+      if (!getDescriptionBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, description_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor) obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!getDescription().equals(other.getDescription())) return false;
+      if (hasUpdateTime() != other.hasUpdateTime()) return false;
+      if (hasUpdateTime()) {
+        if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+      }
+      if (!getAttestorTypeCase().equals(other.getAttestorTypeCase())) return false;
+      switch (attestorTypeCase_) {
+        case 3:
+          if (!getUserOwnedGrafeasNote().equals(other.getUserOwnedGrafeasNote())) return false;
+          break;
+        case 0:
+        default:
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (37 * hash) + DESCRIPTION_FIELD_NUMBER;
+      hash = (53 * hash) + getDescription().hashCode();
+      if (hasUpdateTime()) {
+        hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+        hash = (53 * hash) + getUpdateTime().hashCode();
+      }
+      switch (attestorTypeCase_) {
+        case 3:
+          hash = (37 * hash) + USER_OWNED_GRAFEAS_NOTE_FIELD_NUMBER;
+          hash = (53 * hash) + getUserOwnedGrafeasNote().hashCode();
+          break;
+        case 0:
+        default:
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+     * artifacts. An existing attestor cannot be modified except where
+     * indicated.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.Attestor}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.Attestor)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Attestor_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        description_ = "";
+
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = null;
+        } else {
+          updateTime_ = null;
+          updateTimeBuilder_ = null;
+        }
+        attestorTypeCase_ = 0;
+        attestorType_ = null;
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor(this);
+        result.name_ = name_;
+        result.description_ = description_;
+        if (attestorTypeCase_ == 3) {
+          if (userOwnedGrafeasNoteBuilder_ == null) {
+            result.attestorType_ = attestorType_;
+          } else {
+            result.attestorType_ = userOwnedGrafeasNoteBuilder_.build();
+          }
+        }
+        if (updateTimeBuilder_ == null) {
+          result.updateTime_ = updateTime_;
+        } else {
+          result.updateTime_ = updateTimeBuilder_.build();
+        }
+        result.attestorTypeCase_ = attestorTypeCase_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        if (!other.getDescription().isEmpty()) {
+          description_ = other.description_;
+          onChanged();
+        }
+        if (other.hasUpdateTime()) {
+          mergeUpdateTime(other.getUpdateTime());
+        }
+        switch (other.getAttestorTypeCase()) {
+          case USER_OWNED_GRAFEAS_NOTE:
+            {
+              mergeUserOwnedGrafeasNote(other.getUserOwnedGrafeasNote());
+              break;
+            }
+          case ATTESTORTYPE_NOT_SET:
+            {
+              break;
+            }
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor parsedMessage =
+            null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int attestorTypeCase_ = 0;
+      private java.lang.Object attestorType_;
+
+      public AttestorTypeCase getAttestorTypeCase() {
+        return AttestorTypeCase.forNumber(attestorTypeCase_);
+      }
+
+      public Builder clearAttestorType() {
+        attestorTypeCase_ = 0;
+        attestorType_ = null;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format:
+       * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format:
+       * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format:
+       * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format:
+       * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format:
+       * `projects/&#42;&#47;attestors/&#42;`. This field may not be updated.
+       * </pre>
+       *
+       * <code>string name = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object description_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.  This field may be updated.
+       * The field may be displayed in chooser dialogs.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The description.
+       */
+      public java.lang.String getDescription() {
+        java.lang.Object ref = description_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          description_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.  This field may be updated.
+       * The field may be displayed in chooser dialogs.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The bytes for description.
+       */
+      public com.google.protobuf.ByteString getDescriptionBytes() {
+        java.lang.Object ref = description_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          description_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.  This field may be updated.
+       * The field may be displayed in chooser dialogs.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The description to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDescription(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        description_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.  This field may be updated.
+       * The field may be displayed in chooser dialogs.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDescription() {
+
+        description_ = getDefaultInstance().getDescription();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment.  This field may be updated.
+       * The field may be displayed in chooser dialogs.
+       * </pre>
+       *
+       * <code>string description = 6 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The bytes for description to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDescriptionBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        description_ = value;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                  .Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .UserOwnedGrafeasNoteOrBuilder>
+          userOwnedGrafeasNoteBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       *
+       * @return Whether the userOwnedGrafeasNote field is set.
+       */
+      @java.lang.Override
+      public boolean hasUserOwnedGrafeasNote() {
+        return attestorTypeCase_ == 3;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       *
+       * @return The userOwnedGrafeasNote.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          getUserOwnedGrafeasNote() {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          if (attestorTypeCase_ == 3) {
+            return (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .UserOwnedGrafeasNote)
+                attestorType_;
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .UserOwnedGrafeasNote.getDefaultInstance();
+        } else {
+          if (attestorTypeCase_ == 3) {
+            return userOwnedGrafeasNoteBuilder_.getMessage();
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .UserOwnedGrafeasNote.getDefaultInstance();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      public Builder setUserOwnedGrafeasNote(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+              value) {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          attestorType_ = value;
+          onChanged();
+        } else {
+          userOwnedGrafeasNoteBuilder_.setMessage(value);
+        }
+        attestorTypeCase_ = 3;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      public Builder setUserOwnedGrafeasNote(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                  .Builder
+              builderForValue) {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          attestorType_ = builderForValue.build();
+          onChanged();
+        } else {
+          userOwnedGrafeasNoteBuilder_.setMessage(builderForValue.build());
+        }
+        attestorTypeCase_ = 3;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      public Builder mergeUserOwnedGrafeasNote(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+              value) {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          if (attestorTypeCase_ == 3
+              && attestorType_
+                  != com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .UserOwnedGrafeasNote.getDefaultInstance()) {
+            attestorType_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                    .newBuilder(
+                        (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                .UserOwnedGrafeasNote)
+                            attestorType_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            attestorType_ = value;
+          }
+          onChanged();
+        } else {
+          if (attestorTypeCase_ == 3) {
+            userOwnedGrafeasNoteBuilder_.mergeFrom(value);
+          }
+          userOwnedGrafeasNoteBuilder_.setMessage(value);
+        }
+        attestorTypeCase_ = 3;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      public Builder clearUserOwnedGrafeasNote() {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          if (attestorTypeCase_ == 3) {
+            attestorTypeCase_ = 0;
+            attestorType_ = null;
+            onChanged();
+          }
+        } else {
+          if (attestorTypeCase_ == 3) {
+            attestorTypeCase_ = 0;
+            attestorType_ = null;
+          }
+          userOwnedGrafeasNoteBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+              .Builder
+          getUserOwnedGrafeasNoteBuilder() {
+        return getUserOwnedGrafeasNoteFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .UserOwnedGrafeasNoteOrBuilder
+          getUserOwnedGrafeasNoteOrBuilder() {
+        if ((attestorTypeCase_ == 3) && (userOwnedGrafeasNoteBuilder_ != null)) {
+          return userOwnedGrafeasNoteBuilder_.getMessageOrBuilder();
+        } else {
+          if (attestorTypeCase_ == 3) {
+            return (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .UserOwnedGrafeasNote)
+                attestorType_;
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .UserOwnedGrafeasNote.getDefaultInstance();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * This specifies how an attestation will be read, and how it will be used
+       * during policy enforcement.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                  .Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .UserOwnedGrafeasNoteOrBuilder>
+          getUserOwnedGrafeasNoteFieldBuilder() {
+        if (userOwnedGrafeasNoteBuilder_ == null) {
+          if (!(attestorTypeCase_ == 3)) {
+            attestorType_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                    .getDefaultInstance();
+          }
+          userOwnedGrafeasNoteBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .UserOwnedGrafeasNote,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .UserOwnedGrafeasNote.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .UserOwnedGrafeasNoteOrBuilder>(
+                  (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                          .UserOwnedGrafeasNote)
+                      attestorType_,
+                  getParentForChildren(),
+                  isClean());
+          attestorType_ = null;
+        }
+        attestorTypeCase_ = 3;
+        onChanged();
+        ;
+        return userOwnedGrafeasNoteBuilder_;
+      }
+
+      private com.google.protobuf.Timestamp updateTime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          updateTimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return Whether the updateTime field is set.
+       */
+      public boolean hasUpdateTime() {
+        return updateTimeBuilder_ != null || updateTime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return The updateTime.
+       */
+      public com.google.protobuf.Timestamp getUpdateTime() {
+        if (updateTimeBuilder_ == null) {
+          return updateTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : updateTime_;
+        } else {
+          return updateTimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+        if (updateTimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          updateTime_ = value;
+          onChanged();
+        } else {
+          updateTimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = builderForValue.build();
+          onChanged();
+        } else {
+          updateTimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+        if (updateTimeBuilder_ == null) {
+          if (updateTime_ != null) {
+            updateTime_ =
+                com.google.protobuf.Timestamp.newBuilder(updateTime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            updateTime_ = value;
+          }
+          onChanged();
+        } else {
+          updateTimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public Builder clearUpdateTime() {
+        if (updateTimeBuilder_ == null) {
+          updateTime_ = null;
+          onChanged();
+        } else {
+          updateTime_ = null;
+          updateTimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+        onChanged();
+        return getUpdateTimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+        if (updateTimeBuilder_ != null) {
+          return updateTimeBuilder_.getMessageOrBuilder();
+        } else {
+          return updateTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : updateTime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. Time when the attestor was last updated.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Timestamp update_time = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          getUpdateTimeFieldBuilder() {
+        if (updateTimeBuilder_ == null) {
+          updateTimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Timestamp,
+                  com.google.protobuf.Timestamp.Builder,
+                  com.google.protobuf.TimestampOrBuilder>(
+                  getUpdateTime(), getParentForChildren(), isClean());
+          updateTime_ = null;
+        }
+        return updateTimeBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.Attestor)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.Attestor)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<Attestor> PARSER =
+        new com.google.protobuf.AbstractParser<Attestor>() {
+          @java.lang.Override
+          public Attestor parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new Attestor(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<Attestor> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<Attestor> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface UserOwnedGrafeasNoteOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The Grafeas resource name of a Attestation.Authority Note,
+     * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+     * not be updated.
+     * An attestation by this attestor is stored as a Grafeas
+     * Attestation.Authority Occurrence that names a container image and that
+     * links to this Note. Grafeas is an external dependency.
+     * </pre>
+     *
+     * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The noteReference.
+     */
+    java.lang.String getNoteReference();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The Grafeas resource name of a Attestation.Authority Note,
+     * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+     * not be updated.
+     * An attestation by this attestor is stored as a Grafeas
+     * Attestation.Authority Occurrence that names a container image and that
+     * links to this Note. Grafeas is an external dependency.
+     * </pre>
+     *
+     * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for noteReference.
+     */
+    com.google.protobuf.ByteString getNoteReferenceBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey>
+        getPublicKeysList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey getPublicKeys(
+        int index);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getPublicKeysCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AttestorPublicKeyOrBuilder>
+        getPublicKeysOrBuilderList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKeyOrBuilder
+        getPublicKeysOrBuilder(int index);
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This field will contain the service account email address
+     * that this Attestor will use as the principal when querying Container
+     * Analysis. Attestor administrators must grant this service account the
+     * IAM role needed to read attestations from the [note_reference][Note] in
+     * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+     * This email address is fixed for the lifetime of the Attestor, but callers
+     * should not make any other assumptions about the service account email;
+     * future versions may use an email based on a different naming pattern.
+     * </pre>
+     *
+     * <code>
+     * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The delegationServiceAccountEmail.
+     */
+    java.lang.String getDelegationServiceAccountEmail();
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This field will contain the service account email address
+     * that this Attestor will use as the principal when querying Container
+     * Analysis. Attestor administrators must grant this service account the
+     * IAM role needed to read attestations from the [note_reference][Note] in
+     * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+     * This email address is fixed for the lifetime of the Attestor, but callers
+     * should not make any other assumptions about the service account email;
+     * future versions may use an email based on a different naming pattern.
+     * </pre>
+     *
+     * <code>
+     * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The bytes for delegationServiceAccountEmail.
+     */
+    com.google.protobuf.ByteString getDelegationServiceAccountEmailBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas
+   * Attestation.Authority Note created by the user.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote}
+   */
+  public static final class UserOwnedGrafeasNote extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote)
+      UserOwnedGrafeasNoteOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use UserOwnedGrafeasNote.newBuilder() to construct.
+    private UserOwnedGrafeasNote(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private UserOwnedGrafeasNote() {
+      noteReference_ = "";
+      publicKeys_ = java.util.Collections.emptyList();
+      delegationServiceAccountEmail_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new UserOwnedGrafeasNote();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private UserOwnedGrafeasNote(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                noteReference_ = s;
+                break;
+              }
+            case 18:
+              {
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  publicKeys_ =
+                      new java.util.ArrayList<
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .AttestorPublicKey>();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                publicKeys_.add(
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .AttestorPublicKey.parser(),
+                        extensionRegistry));
+                break;
+              }
+            case 26:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                delegationServiceAccountEmail_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          publicKeys_ = java.util.Collections.unmodifiableList(publicKeys_);
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                  .Builder.class);
+    }
+
+    public static final int NOTE_REFERENCE_FIELD_NUMBER = 1;
+    private volatile java.lang.Object noteReference_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The Grafeas resource name of a Attestation.Authority Note,
+     * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+     * not be updated.
+     * An attestation by this attestor is stored as a Grafeas
+     * Attestation.Authority Occurrence that names a container image and that
+     * links to this Note. Grafeas is an external dependency.
+     * </pre>
+     *
+     * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The noteReference.
+     */
+    @java.lang.Override
+    public java.lang.String getNoteReference() {
+      java.lang.Object ref = noteReference_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        noteReference_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The Grafeas resource name of a Attestation.Authority Note,
+     * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+     * not be updated.
+     * An attestation by this attestor is stored as a Grafeas
+     * Attestation.Authority Occurrence that names a container image and that
+     * links to this Note. Grafeas is an external dependency.
+     * </pre>
+     *
+     * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for noteReference.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNoteReferenceBytes() {
+      java.lang.Object ref = noteReference_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        noteReference_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int PUBLIC_KEYS_FIELD_NUMBER = 2;
+    private java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey>
+        publicKeys_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey>
+        getPublicKeysList() {
+      return publicKeys_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .AttestorPublicKeyOrBuilder>
+        getPublicKeysOrBuilderList() {
+      return publicKeys_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public int getPublicKeysCount() {
+      return publicKeys_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        getPublicKeys(int index) {
+      return publicKeys_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Public keys that verify attestations signed by this
+     * attestor.  This field may be updated.
+     * If this field is non-empty, one of the specified public keys must
+     * verify that an attestation was signed by this attestor for the
+     * image specified in the admission request.
+     * If this field is empty, this attestor always returns that no
+     * valid attestations exist.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AttestorPublicKeyOrBuilder
+        getPublicKeysOrBuilder(int index) {
+      return publicKeys_.get(index);
+    }
+
+    public static final int DELEGATION_SERVICE_ACCOUNT_EMAIL_FIELD_NUMBER = 3;
+    private volatile java.lang.Object delegationServiceAccountEmail_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This field will contain the service account email address
+     * that this Attestor will use as the principal when querying Container
+     * Analysis. Attestor administrators must grant this service account the
+     * IAM role needed to read attestations from the [note_reference][Note] in
+     * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+     * This email address is fixed for the lifetime of the Attestor, but callers
+     * should not make any other assumptions about the service account email;
+     * future versions may use an email based on a different naming pattern.
+     * </pre>
+     *
+     * <code>
+     * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The delegationServiceAccountEmail.
+     */
+    @java.lang.Override
+    public java.lang.String getDelegationServiceAccountEmail() {
+      java.lang.Object ref = delegationServiceAccountEmail_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        delegationServiceAccountEmail_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This field will contain the service account email address
+     * that this Attestor will use as the principal when querying Container
+     * Analysis. Attestor administrators must grant this service account the
+     * IAM role needed to read attestations from the [note_reference][Note] in
+     * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+     * This email address is fixed for the lifetime of the Attestor, but callers
+     * should not make any other assumptions about the service account email;
+     * future versions may use an email based on a different naming pattern.
+     * </pre>
+     *
+     * <code>
+     * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The bytes for delegationServiceAccountEmail.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getDelegationServiceAccountEmailBytes() {
+      java.lang.Object ref = delegationServiceAccountEmail_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        delegationServiceAccountEmail_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNoteReferenceBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, noteReference_);
+      }
+      for (int i = 0; i < publicKeys_.size(); i++) {
+        output.writeMessage(2, publicKeys_.get(i));
+      }
+      if (!getDelegationServiceAccountEmailBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(
+            output, 3, delegationServiceAccountEmail_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNoteReferenceBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, noteReference_);
+      }
+      for (int i = 0; i < publicKeys_.size(); i++) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, publicKeys_.get(i));
+      }
+      if (!getDelegationServiceAccountEmailBytes().isEmpty()) {
+        size +=
+            com.google.protobuf.GeneratedMessageV3.computeStringSize(
+                3, delegationServiceAccountEmail_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote)
+              obj;
+
+      if (!getNoteReference().equals(other.getNoteReference())) return false;
+      if (!getPublicKeysList().equals(other.getPublicKeysList())) return false;
+      if (!getDelegationServiceAccountEmail().equals(other.getDelegationServiceAccountEmail()))
+        return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NOTE_REFERENCE_FIELD_NUMBER;
+      hash = (53 * hash) + getNoteReference().hashCode();
+      if (getPublicKeysCount() > 0) {
+        hash = (37 * hash) + PUBLIC_KEYS_FIELD_NUMBER;
+        hash = (53 * hash) + getPublicKeysList().hashCode();
+      }
+      hash = (37 * hash) + DELEGATION_SERVICE_ACCOUNT_EMAIL_FIELD_NUMBER;
+      hash = (53 * hash) + getDelegationServiceAccountEmail().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas
+     * Attestation.Authority Note created by the user.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNoteOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+          getPublicKeysFieldBuilder();
+        }
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        noteReference_ = "";
+
+        if (publicKeysBuilder_ == null) {
+          publicKeys_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          publicKeysBuilder_.clear();
+        }
+        delegationServiceAccountEmail_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+            result =
+                new com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                    .UserOwnedGrafeasNote(this);
+        int from_bitField0_ = bitField0_;
+        result.noteReference_ = noteReference_;
+        if (publicKeysBuilder_ == null) {
+          if (((bitField0_ & 0x00000001) != 0)) {
+            publicKeys_ = java.util.Collections.unmodifiableList(publicKeys_);
+            bitField0_ = (bitField0_ & ~0x00000001);
+          }
+          result.publicKeys_ = publicKeys_;
+        } else {
+          result.publicKeys_ = publicKeysBuilder_.build();
+        }
+        result.delegationServiceAccountEmail_ = delegationServiceAccountEmail_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+                .getDefaultInstance()) return this;
+        if (!other.getNoteReference().isEmpty()) {
+          noteReference_ = other.noteReference_;
+          onChanged();
+        }
+        if (publicKeysBuilder_ == null) {
+          if (!other.publicKeys_.isEmpty()) {
+            if (publicKeys_.isEmpty()) {
+              publicKeys_ = other.publicKeys_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+            } else {
+              ensurePublicKeysIsMutable();
+              publicKeys_.addAll(other.publicKeys_);
+            }
+            onChanged();
+          }
+        } else {
+          if (!other.publicKeys_.isEmpty()) {
+            if (publicKeysBuilder_.isEmpty()) {
+              publicKeysBuilder_.dispose();
+              publicKeysBuilder_ = null;
+              publicKeys_ = other.publicKeys_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+              publicKeysBuilder_ =
+                  com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                      ? getPublicKeysFieldBuilder()
+                      : null;
+            } else {
+              publicKeysBuilder_.addAllMessages(other.publicKeys_);
+            }
+          }
+        }
+        if (!other.getDelegationServiceAccountEmail().isEmpty()) {
+          delegationServiceAccountEmail_ = other.delegationServiceAccountEmail_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private java.lang.Object noteReference_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The Grafeas resource name of a Attestation.Authority Note,
+       * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+       * not be updated.
+       * An attestation by this attestor is stored as a Grafeas
+       * Attestation.Authority Occurrence that names a container image and that
+       * links to this Note. Grafeas is an external dependency.
+       * </pre>
+       *
+       * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The noteReference.
+       */
+      public java.lang.String getNoteReference() {
+        java.lang.Object ref = noteReference_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          noteReference_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The Grafeas resource name of a Attestation.Authority Note,
+       * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+       * not be updated.
+       * An attestation by this attestor is stored as a Grafeas
+       * Attestation.Authority Occurrence that names a container image and that
+       * links to this Note. Grafeas is an external dependency.
+       * </pre>
+       *
+       * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for noteReference.
+       */
+      public com.google.protobuf.ByteString getNoteReferenceBytes() {
+        java.lang.Object ref = noteReference_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          noteReference_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The Grafeas resource name of a Attestation.Authority Note,
+       * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+       * not be updated.
+       * An attestation by this attestor is stored as a Grafeas
+       * Attestation.Authority Occurrence that names a container image and that
+       * links to this Note. Grafeas is an external dependency.
+       * </pre>
+       *
+       * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The noteReference to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNoteReference(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        noteReference_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The Grafeas resource name of a Attestation.Authority Note,
+       * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+       * not be updated.
+       * An attestation by this attestor is stored as a Grafeas
+       * Attestation.Authority Occurrence that names a container image and that
+       * links to this Note. Grafeas is an external dependency.
+       * </pre>
+       *
+       * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearNoteReference() {
+
+        noteReference_ = getDefaultInstance().getNoteReference();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The Grafeas resource name of a Attestation.Authority Note,
+       * created by the user, in the format: `projects/&#42;&#47;notes/&#42;`. This field may
+       * not be updated.
+       * An attestation by this attestor is stored as a Grafeas
+       * Attestation.Authority Occurrence that names a container image and that
+       * links to this Note. Grafeas is an external dependency.
+       * </pre>
+       *
+       * <code>string note_reference = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for noteReference to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNoteReferenceBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        noteReference_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey>
+          publicKeys_ = java.util.Collections.emptyList();
+
+      private void ensurePublicKeysIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          publicKeys_ =
+              new java.util.ArrayList<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorPublicKey>(publicKeys_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                  .Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AttestorPublicKeyOrBuilder>
+          publicKeysBuilder_;
+
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey>
+          getPublicKeysList() {
+        if (publicKeysBuilder_ == null) {
+          return java.util.Collections.unmodifiableList(publicKeys_);
+        } else {
+          return publicKeysBuilder_.getMessageList();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public int getPublicKeysCount() {
+        if (publicKeysBuilder_ == null) {
+          return publicKeys_.size();
+        } else {
+          return publicKeysBuilder_.getCount();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+          getPublicKeys(int index) {
+        if (publicKeysBuilder_ == null) {
+          return publicKeys_.get(index);
+        } else {
+          return publicKeysBuilder_.getMessage(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setPublicKeys(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey value) {
+        if (publicKeysBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensurePublicKeysIsMutable();
+          publicKeys_.set(index, value);
+          onChanged();
+        } else {
+          publicKeysBuilder_.setMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setPublicKeys(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey.Builder
+              builderForValue) {
+        if (publicKeysBuilder_ == null) {
+          ensurePublicKeysIsMutable();
+          publicKeys_.set(index, builderForValue.build());
+          onChanged();
+        } else {
+          publicKeysBuilder_.setMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addPublicKeys(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey value) {
+        if (publicKeysBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensurePublicKeysIsMutable();
+          publicKeys_.add(value);
+          onChanged();
+        } else {
+          publicKeysBuilder_.addMessage(value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addPublicKeys(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey value) {
+        if (publicKeysBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensurePublicKeysIsMutable();
+          publicKeys_.add(index, value);
+          onChanged();
+        } else {
+          publicKeysBuilder_.addMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addPublicKeys(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey.Builder
+              builderForValue) {
+        if (publicKeysBuilder_ == null) {
+          ensurePublicKeysIsMutable();
+          publicKeys_.add(builderForValue.build());
+          onChanged();
+        } else {
+          publicKeysBuilder_.addMessage(builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addPublicKeys(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey.Builder
+              builderForValue) {
+        if (publicKeysBuilder_ == null) {
+          ensurePublicKeysIsMutable();
+          publicKeys_.add(index, builderForValue.build());
+          onChanged();
+        } else {
+          publicKeysBuilder_.addMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllPublicKeys(
+          java.lang.Iterable<
+                  ? extends
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                          .AttestorPublicKey>
+              values) {
+        if (publicKeysBuilder_ == null) {
+          ensurePublicKeysIsMutable();
+          com.google.protobuf.AbstractMessageLite.Builder.addAll(values, publicKeys_);
+          onChanged();
+        } else {
+          publicKeysBuilder_.addAllMessages(values);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearPublicKeys() {
+        if (publicKeysBuilder_ == null) {
+          publicKeys_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+          onChanged();
+        } else {
+          publicKeysBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removePublicKeys(int index) {
+        if (publicKeysBuilder_ == null) {
+          ensurePublicKeysIsMutable();
+          publicKeys_.remove(index);
+          onChanged();
+        } else {
+          publicKeysBuilder_.remove(index);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+              .Builder
+          getPublicKeysBuilder(int index) {
+        return getPublicKeysFieldBuilder().getBuilder(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .AttestorPublicKeyOrBuilder
+          getPublicKeysOrBuilder(int index) {
+        if (publicKeysBuilder_ == null) {
+          return publicKeys_.get(index);
+        } else {
+          return publicKeysBuilder_.getMessageOrBuilder(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              ? extends
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorPublicKeyOrBuilder>
+          getPublicKeysOrBuilderList() {
+        if (publicKeysBuilder_ != null) {
+          return publicKeysBuilder_.getMessageOrBuilderList();
+        } else {
+          return java.util.Collections.unmodifiableList(publicKeys_);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+              .Builder
+          addPublicKeysBuilder() {
+        return getPublicKeysFieldBuilder()
+            .addBuilder(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+              .Builder
+          addPublicKeysBuilder(int index) {
+        return getPublicKeysFieldBuilder()
+            .addBuilder(
+                index,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Public keys that verify attestations signed by this
+       * attestor.  This field may be updated.
+       * If this field is non-empty, one of the specified public keys must
+       * verify that an attestation was signed by this attestor for the
+       * image specified in the admission request.
+       * If this field is empty, this attestor always returns that no
+       * valid attestations exist.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.binaryauthorization.v1.AttestorPublicKey public_keys = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                  .Builder>
+          getPublicKeysBuilderList() {
+        return getPublicKeysFieldBuilder().getBuilderList();
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                  .Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .AttestorPublicKeyOrBuilder>
+          getPublicKeysFieldBuilder() {
+        if (publicKeysBuilder_ == null) {
+          publicKeysBuilder_ =
+              new com.google.protobuf.RepeatedFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                      .Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorPublicKeyOrBuilder>(
+                  publicKeys_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+          publicKeys_ = null;
+        }
+        return publicKeysBuilder_;
+      }
+
+      private java.lang.Object delegationServiceAccountEmail_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Output only. This field will contain the service account email address
+       * that this Attestor will use as the principal when querying Container
+       * Analysis. Attestor administrators must grant this service account the
+       * IAM role needed to read attestations from the [note_reference][Note] in
+       * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+       * This email address is fixed for the lifetime of the Attestor, but callers
+       * should not make any other assumptions about the service account email;
+       * future versions may use an email based on a different naming pattern.
+       * </pre>
+       *
+       * <code>
+       * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return The delegationServiceAccountEmail.
+       */
+      public java.lang.String getDelegationServiceAccountEmail() {
+        java.lang.Object ref = delegationServiceAccountEmail_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          delegationServiceAccountEmail_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. This field will contain the service account email address
+       * that this Attestor will use as the principal when querying Container
+       * Analysis. Attestor administrators must grant this service account the
+       * IAM role needed to read attestations from the [note_reference][Note] in
+       * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+       * This email address is fixed for the lifetime of the Attestor, but callers
+       * should not make any other assumptions about the service account email;
+       * future versions may use an email based on a different naming pattern.
+       * </pre>
+       *
+       * <code>
+       * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return The bytes for delegationServiceAccountEmail.
+       */
+      public com.google.protobuf.ByteString getDelegationServiceAccountEmailBytes() {
+        java.lang.Object ref = delegationServiceAccountEmail_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          delegationServiceAccountEmail_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. This field will contain the service account email address
+       * that this Attestor will use as the principal when querying Container
+       * Analysis. Attestor administrators must grant this service account the
+       * IAM role needed to read attestations from the [note_reference][Note] in
+       * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+       * This email address is fixed for the lifetime of the Attestor, but callers
+       * should not make any other assumptions about the service account email;
+       * future versions may use an email based on a different naming pattern.
+       * </pre>
+       *
+       * <code>
+       * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @param value The delegationServiceAccountEmail to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDelegationServiceAccountEmail(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        delegationServiceAccountEmail_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. This field will contain the service account email address
+       * that this Attestor will use as the principal when querying Container
+       * Analysis. Attestor administrators must grant this service account the
+       * IAM role needed to read attestations from the [note_reference][Note] in
+       * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+       * This email address is fixed for the lifetime of the Attestor, but callers
+       * should not make any other assumptions about the service account email;
+       * future versions may use an email based on a different naming pattern.
+       * </pre>
+       *
+       * <code>
+       * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDelegationServiceAccountEmail() {
+
+        delegationServiceAccountEmail_ = getDefaultInstance().getDelegationServiceAccountEmail();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Output only. This field will contain the service account email address
+       * that this Attestor will use as the principal when querying Container
+       * Analysis. Attestor administrators must grant this service account the
+       * IAM role needed to read attestations from the [note_reference][Note] in
+       * Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+       * This email address is fixed for the lifetime of the Attestor, but callers
+       * should not make any other assumptions about the service account email;
+       * future versions may use an email based on a different naming pattern.
+       * </pre>
+       *
+       * <code>
+       * string delegation_service_account_email = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+       * </code>
+       *
+       * @param value The bytes for delegationServiceAccountEmail to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDelegationServiceAccountEmailBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        delegationServiceAccountEmail_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources
+              .UserOwnedGrafeasNote();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .UserOwnedGrafeasNote
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<UserOwnedGrafeasNote> PARSER =
+        new com.google.protobuf.AbstractParser<UserOwnedGrafeasNote>() {
+          @java.lang.Override
+          public UserOwnedGrafeasNote parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new UserOwnedGrafeasNote(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<UserOwnedGrafeasNote> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<UserOwnedGrafeasNote> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.UserOwnedGrafeasNote
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface PkixPublicKeyOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.PkixPublicKey)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * A PEM-encoded public key, as described in
+     * https://tools.ietf.org/html/rfc7468#section-13
+     * </pre>
+     *
+     * <code>string public_key_pem = 1;</code>
+     *
+     * @return The publicKeyPem.
+     */
+    java.lang.String getPublicKeyPem();
+    /**
+     *
+     *
+     * <pre>
+     * A PEM-encoded public key, as described in
+     * https://tools.ietf.org/html/rfc7468#section-13
+     * </pre>
+     *
+     * <code>string public_key_pem = 1;</code>
+     *
+     * @return The bytes for publicKeyPem.
+     */
+    com.google.protobuf.ByteString getPublicKeyPemBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The signature algorithm used to verify a message against a signature using
+     * this key.
+     * These signature algorithm must match the structure and any object
+     * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+     * that of the public key).
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for signatureAlgorithm.
+     */
+    int getSignatureAlgorithmValue();
+    /**
+     *
+     *
+     * <pre>
+     * The signature algorithm used to verify a message against a signature using
+     * this key.
+     * These signature algorithm must match the structure and any object
+     * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+     * that of the public key).
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+     * </code>
+     *
+     * @return The signatureAlgorithm.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.SignatureAlgorithm
+        getSignatureAlgorithm();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A public key in the PkixPublicKey format (see
+   * https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
+   * Public keys of this type are typically textually encoded using the PEM
+   * format.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.PkixPublicKey}
+   */
+  public static final class PkixPublicKey extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.PkixPublicKey)
+      PkixPublicKeyOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use PkixPublicKey.newBuilder() to construct.
+    private PkixPublicKey(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private PkixPublicKey() {
+      publicKeyPem_ = "";
+      signatureAlgorithm_ = 0;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new PkixPublicKey();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private PkixPublicKey(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                publicKeyPem_ = s;
+                break;
+              }
+            case 16:
+              {
+                int rawValue = input.readEnum();
+
+                signatureAlgorithm_ = rawValue;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.Builder
+                  .class);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Represents a signature algorithm and other information necessary to verify
+     * signatures with a given public key.
+     * This is based primarily on the public key types supported by Tink's
+     * PemKeyType, which is in turn based on KMS's supported signing algorithms.
+     * See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz
+     * might support additional public key types independently of Tink and/or KMS.
+     * </pre>
+     *
+     * Protobuf enum {@code google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm}
+     */
+    public enum SignatureAlgorithm implements com.google.protobuf.ProtocolMessageEnum {
+      /**
+       *
+       *
+       * <pre>
+       * Not specified.
+       * </pre>
+       *
+       * <code>SIGNATURE_ALGORITHM_UNSPECIFIED = 0;</code>
+       */
+      SIGNATURE_ALGORITHM_UNSPECIFIED(0, 0),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 2048 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_2048_SHA256 = 1;</code>
+       */
+      RSA_PSS_2048_SHA256(1, 1),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 3072 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_3072_SHA256 = 2;</code>
+       */
+      RSA_PSS_3072_SHA256(2, 2),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 4096 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_4096_SHA256 = 3;</code>
+       */
+      RSA_PSS_4096_SHA256(3, 3),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 4096 bit key with a SHA512 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_4096_SHA512 = 4;</code>
+       */
+      RSA_PSS_4096_SHA512(4, 4),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_2048_SHA256 = 5;</code>
+       */
+      RSA_SIGN_PKCS1_2048_SHA256(5, 5),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_3072_SHA256 = 6;</code>
+       */
+      RSA_SIGN_PKCS1_3072_SHA256(6, 6),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_4096_SHA256 = 7;</code>
+       */
+      RSA_SIGN_PKCS1_4096_SHA256(7, 7),
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_4096_SHA512 = 8;</code>
+       */
+      RSA_SIGN_PKCS1_4096_SHA512(8, 8),
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-256 curve with a SHA256 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P256_SHA256 = 9;</code>
+       */
+      ECDSA_P256_SHA256(9, 9),
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-384 curve with a SHA384 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P384_SHA384 = 10;</code>
+       */
+      ECDSA_P384_SHA384(11, 10),
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-521 curve with a SHA512 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P521_SHA512 = 11;</code>
+       */
+      ECDSA_P521_SHA512(13, 11),
+      UNRECOGNIZED(-1, -1),
+      ;
+
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-256 curve with a SHA256 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P256_SHA256 = 9;</code>
+       */
+      public static final SignatureAlgorithm EC_SIGN_P256_SHA256 = ECDSA_P256_SHA256;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-384 curve with a SHA384 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P384_SHA384 = 10;</code>
+       */
+      public static final SignatureAlgorithm EC_SIGN_P384_SHA384 = ECDSA_P384_SHA384;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-521 curve with a SHA512 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P521_SHA512 = 11;</code>
+       */
+      public static final SignatureAlgorithm EC_SIGN_P521_SHA512 = ECDSA_P521_SHA512;
+      /**
+       *
+       *
+       * <pre>
+       * Not specified.
+       * </pre>
+       *
+       * <code>SIGNATURE_ALGORITHM_UNSPECIFIED = 0;</code>
+       */
+      public static final int SIGNATURE_ALGORITHM_UNSPECIFIED_VALUE = 0;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 2048 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_2048_SHA256 = 1;</code>
+       */
+      public static final int RSA_PSS_2048_SHA256_VALUE = 1;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 3072 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_3072_SHA256 = 2;</code>
+       */
+      public static final int RSA_PSS_3072_SHA256_VALUE = 2;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 4096 bit key with a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_4096_SHA256 = 3;</code>
+       */
+      public static final int RSA_PSS_4096_SHA256_VALUE = 3;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PSS 4096 bit key with a SHA512 digest.
+       * </pre>
+       *
+       * <code>RSA_PSS_4096_SHA512 = 4;</code>
+       */
+      public static final int RSA_PSS_4096_SHA512_VALUE = 4;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_2048_SHA256 = 5;</code>
+       */
+      public static final int RSA_SIGN_PKCS1_2048_SHA256_VALUE = 5;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_3072_SHA256 = 6;</code>
+       */
+      public static final int RSA_SIGN_PKCS1_3072_SHA256_VALUE = 6;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_4096_SHA256 = 7;</code>
+       */
+      public static final int RSA_SIGN_PKCS1_4096_SHA256_VALUE = 7;
+      /**
+       *
+       *
+       * <pre>
+       * RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
+       * </pre>
+       *
+       * <code>RSA_SIGN_PKCS1_4096_SHA512 = 8;</code>
+       */
+      public static final int RSA_SIGN_PKCS1_4096_SHA512_VALUE = 8;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-256 curve with a SHA256 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P256_SHA256 = 9;</code>
+       */
+      public static final int ECDSA_P256_SHA256_VALUE = 9;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-256 curve with a SHA256 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P256_SHA256 = 9;</code>
+       */
+      public static final int EC_SIGN_P256_SHA256_VALUE = 9;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-384 curve with a SHA384 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P384_SHA384 = 10;</code>
+       */
+      public static final int ECDSA_P384_SHA384_VALUE = 10;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-384 curve with a SHA384 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P384_SHA384 = 10;</code>
+       */
+      public static final int EC_SIGN_P384_SHA384_VALUE = 10;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-521 curve with a SHA512 digest.
+       * </pre>
+       *
+       * <code>ECDSA_P521_SHA512 = 11;</code>
+       */
+      public static final int ECDSA_P521_SHA512_VALUE = 11;
+      /**
+       *
+       *
+       * <pre>
+       * ECDSA on the NIST P-521 curve with a SHA512 digest.
+       * </pre>
+       *
+       * <code>EC_SIGN_P521_SHA512 = 11;</code>
+       */
+      public static final int EC_SIGN_P521_SHA512_VALUE = 11;
+
+      public final int getNumber() {
+        if (index == -1) {
+          throw new java.lang.IllegalArgumentException(
+              "Can't get the number of an unknown enum value.");
+        }
+        return value;
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static SignatureAlgorithm valueOf(int value) {
+        return forNumber(value);
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       */
+      public static SignatureAlgorithm forNumber(int value) {
+        switch (value) {
+          case 0:
+            return SIGNATURE_ALGORITHM_UNSPECIFIED;
+          case 1:
+            return RSA_PSS_2048_SHA256;
+          case 2:
+            return RSA_PSS_3072_SHA256;
+          case 3:
+            return RSA_PSS_4096_SHA256;
+          case 4:
+            return RSA_PSS_4096_SHA512;
+          case 5:
+            return RSA_SIGN_PKCS1_2048_SHA256;
+          case 6:
+            return RSA_SIGN_PKCS1_3072_SHA256;
+          case 7:
+            return RSA_SIGN_PKCS1_4096_SHA256;
+          case 8:
+            return RSA_SIGN_PKCS1_4096_SHA512;
+          case 9:
+            return ECDSA_P256_SHA256;
+          case 10:
+            return ECDSA_P384_SHA384;
+          case 11:
+            return ECDSA_P521_SHA512;
+          default:
+            return null;
+        }
+      }
+
+      public static com.google.protobuf.Internal.EnumLiteMap<SignatureAlgorithm>
+          internalGetValueMap() {
+        return internalValueMap;
+      }
+
+      private static final com.google.protobuf.Internal.EnumLiteMap<SignatureAlgorithm>
+          internalValueMap =
+              new com.google.protobuf.Internal.EnumLiteMap<SignatureAlgorithm>() {
+                public SignatureAlgorithm findValueByNumber(int number) {
+                  return SignatureAlgorithm.forNumber(number);
+                }
+              };
+
+      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+        if (index == -1) {
+          throw new java.lang.IllegalStateException(
+              "Can't get the descriptor of an unrecognized enum value.");
+        }
+        return getDescriptor().getValues().get(index);
+      }
+
+      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+        return getDescriptor();
+      }
+
+      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+            .getDescriptor()
+            .getEnumTypes()
+            .get(0);
+      }
+
+      private static final SignatureAlgorithm[] VALUES = getStaticValuesArray();
+
+      private static SignatureAlgorithm[] getStaticValuesArray() {
+        return new SignatureAlgorithm[] {
+          SIGNATURE_ALGORITHM_UNSPECIFIED,
+          RSA_PSS_2048_SHA256,
+          RSA_PSS_3072_SHA256,
+          RSA_PSS_4096_SHA256,
+          RSA_PSS_4096_SHA512,
+          RSA_SIGN_PKCS1_2048_SHA256,
+          RSA_SIGN_PKCS1_3072_SHA256,
+          RSA_SIGN_PKCS1_4096_SHA256,
+          RSA_SIGN_PKCS1_4096_SHA512,
+          ECDSA_P256_SHA256,
+          EC_SIGN_P256_SHA256,
+          ECDSA_P384_SHA384,
+          EC_SIGN_P384_SHA384,
+          ECDSA_P521_SHA512,
+          EC_SIGN_P521_SHA512,
+        };
+      }
+
+      public static SignatureAlgorithm valueOf(
+          com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+        if (desc.getType() != getDescriptor()) {
+          throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+        }
+        if (desc.getIndex() == -1) {
+          return UNRECOGNIZED;
+        }
+        return VALUES[desc.getIndex()];
+      }
+
+      private final int index;
+      private final int value;
+
+      private SignatureAlgorithm(int index, int value) {
+        this.index = index;
+        this.value = value;
+      }
+
+      // @@protoc_insertion_point(enum_scope:google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm)
+    }
+
+    public static final int PUBLIC_KEY_PEM_FIELD_NUMBER = 1;
+    private volatile java.lang.Object publicKeyPem_;
+    /**
+     *
+     *
+     * <pre>
+     * A PEM-encoded public key, as described in
+     * https://tools.ietf.org/html/rfc7468#section-13
+     * </pre>
+     *
+     * <code>string public_key_pem = 1;</code>
+     *
+     * @return The publicKeyPem.
+     */
+    @java.lang.Override
+    public java.lang.String getPublicKeyPem() {
+      java.lang.Object ref = publicKeyPem_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        publicKeyPem_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A PEM-encoded public key, as described in
+     * https://tools.ietf.org/html/rfc7468#section-13
+     * </pre>
+     *
+     * <code>string public_key_pem = 1;</code>
+     *
+     * @return The bytes for publicKeyPem.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getPublicKeyPemBytes() {
+      java.lang.Object ref = publicKeyPem_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        publicKeyPem_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int SIGNATURE_ALGORITHM_FIELD_NUMBER = 2;
+    private int signatureAlgorithm_;
+    /**
+     *
+     *
+     * <pre>
+     * The signature algorithm used to verify a message against a signature using
+     * this key.
+     * These signature algorithm must match the structure and any object
+     * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+     * that of the public key).
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for signatureAlgorithm.
+     */
+    @java.lang.Override
+    public int getSignatureAlgorithmValue() {
+      return signatureAlgorithm_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signature algorithm used to verify a message against a signature using
+     * this key.
+     * These signature algorithm must match the structure and any object
+     * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+     * that of the public key).
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+     * </code>
+     *
+     * @return The signatureAlgorithm.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+            .SignatureAlgorithm
+        getSignatureAlgorithm() {
+      @SuppressWarnings("deprecation")
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .SignatureAlgorithm
+          result =
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                  .SignatureAlgorithm.valueOf(signatureAlgorithm_);
+      return result == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .SignatureAlgorithm.UNRECOGNIZED
+          : result;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getPublicKeyPemBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, publicKeyPem_);
+      }
+      if (signatureAlgorithm_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .SignatureAlgorithm.SIGNATURE_ALGORITHM_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(2, signatureAlgorithm_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getPublicKeyPemBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, publicKeyPem_);
+      }
+      if (signatureAlgorithm_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .SignatureAlgorithm.SIGNATURE_ALGORITHM_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(2, signatureAlgorithm_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey) obj;
+
+      if (!getPublicKeyPem().equals(other.getPublicKeyPem())) return false;
+      if (signatureAlgorithm_ != other.signatureAlgorithm_) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + PUBLIC_KEY_PEM_FIELD_NUMBER;
+      hash = (53 * hash) + getPublicKeyPem().hashCode();
+      hash = (37 * hash) + SIGNATURE_ALGORITHM_FIELD_NUMBER;
+      hash = (53 * hash) + signatureAlgorithm_;
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A public key in the PkixPublicKey format (see
+     * https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
+     * Public keys of this type are typically textually encoded using the PEM
+     * format.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.PkixPublicKey}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.PkixPublicKey)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKeyOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        publicKeyPem_ = "";
+
+        signatureAlgorithm_ = 0;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey(this);
+        result.publicKeyPem_ = publicKeyPem_;
+        result.signatureAlgorithm_ = signatureAlgorithm_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                .getDefaultInstance()) return this;
+        if (!other.getPublicKeyPem().isEmpty()) {
+          publicKeyPem_ = other.publicKeyPem_;
+          onChanged();
+        }
+        if (other.signatureAlgorithm_ != 0) {
+          setSignatureAlgorithmValue(other.getSignatureAlgorithmValue());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object publicKeyPem_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * A PEM-encoded public key, as described in
+       * https://tools.ietf.org/html/rfc7468#section-13
+       * </pre>
+       *
+       * <code>string public_key_pem = 1;</code>
+       *
+       * @return The publicKeyPem.
+       */
+      public java.lang.String getPublicKeyPem() {
+        java.lang.Object ref = publicKeyPem_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          publicKeyPem_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A PEM-encoded public key, as described in
+       * https://tools.ietf.org/html/rfc7468#section-13
+       * </pre>
+       *
+       * <code>string public_key_pem = 1;</code>
+       *
+       * @return The bytes for publicKeyPem.
+       */
+      public com.google.protobuf.ByteString getPublicKeyPemBytes() {
+        java.lang.Object ref = publicKeyPem_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          publicKeyPem_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A PEM-encoded public key, as described in
+       * https://tools.ietf.org/html/rfc7468#section-13
+       * </pre>
+       *
+       * <code>string public_key_pem = 1;</code>
+       *
+       * @param value The publicKeyPem to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPublicKeyPem(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        publicKeyPem_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A PEM-encoded public key, as described in
+       * https://tools.ietf.org/html/rfc7468#section-13
+       * </pre>
+       *
+       * <code>string public_key_pem = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPublicKeyPem() {
+
+        publicKeyPem_ = getDefaultInstance().getPublicKeyPem();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A PEM-encoded public key, as described in
+       * https://tools.ietf.org/html/rfc7468#section-13
+       * </pre>
+       *
+       * <code>string public_key_pem = 1;</code>
+       *
+       * @param value The bytes for publicKeyPem to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPublicKeyPemBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        publicKeyPem_ = value;
+        onChanged();
+        return this;
+      }
+
+      private int signatureAlgorithm_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * The signature algorithm used to verify a message against a signature using
+       * this key.
+       * These signature algorithm must match the structure and any object
+       * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+       * that of the public key).
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+       * </code>
+       *
+       * @return The enum numeric value on the wire for signatureAlgorithm.
+       */
+      @java.lang.Override
+      public int getSignatureAlgorithmValue() {
+        return signatureAlgorithm_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The signature algorithm used to verify a message against a signature using
+       * this key.
+       * These signature algorithm must match the structure and any object
+       * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+       * that of the public key).
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for signatureAlgorithm to set.
+       * @return This builder for chaining.
+       */
+      public Builder setSignatureAlgorithmValue(int value) {
+
+        signatureAlgorithm_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The signature algorithm used to verify a message against a signature using
+       * this key.
+       * These signature algorithm must match the structure and any object
+       * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+       * that of the public key).
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+       * </code>
+       *
+       * @return The signatureAlgorithm.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .SignatureAlgorithm
+          getSignatureAlgorithm() {
+        @SuppressWarnings("deprecation")
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                .SignatureAlgorithm
+            result =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                    .SignatureAlgorithm.valueOf(signatureAlgorithm_);
+        return result == null
+            ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                .SignatureAlgorithm.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The signature algorithm used to verify a message against a signature using
+       * this key.
+       * These signature algorithm must match the structure and any object
+       * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+       * that of the public key).
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+       * </code>
+       *
+       * @param value The signatureAlgorithm to set.
+       * @return This builder for chaining.
+       */
+      public Builder setSignatureAlgorithm(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                  .SignatureAlgorithm
+              value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        signatureAlgorithm_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The signature algorithm used to verify a message against a signature using
+       * this key.
+       * These signature algorithm must match the structure and any object
+       * identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+       * that of the public key).
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.PkixPublicKey.SignatureAlgorithm signature_algorithm = 2;
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearSignatureAlgorithm() {
+
+        signatureAlgorithm_ = 0;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.PkixPublicKey)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.PkixPublicKey)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .PkixPublicKey
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<PkixPublicKey> PARSER =
+        new com.google.protobuf.AbstractParser<PkixPublicKey>() {
+          @java.lang.Override
+          public PkixPublicKey parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new PkixPublicKey(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<PkixPublicKey> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<PkixPublicKey> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface AttestorPublicKeyOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.AttestorPublicKey)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment. This field may be updated.
+     * </pre>
+     *
+     * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The comment.
+     */
+    java.lang.String getComment();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment. This field may be updated.
+     * </pre>
+     *
+     * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for comment.
+     */
+    com.google.protobuf.ByteString getCommentBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The ID of this public key.
+     * Signatures verified by BinAuthz must include the ID of the public key that
+     * can be used to verify them, and that ID must match the contents of this
+     * field exactly.
+     * Additional restrictions on this field can be imposed based on which public
+     * key type is encapsulated. See the documentation on `public_key` cases below
+     * for details.
+     * </pre>
+     *
+     * <code>string id = 2;</code>
+     *
+     * @return The id.
+     */
+    java.lang.String getId();
+    /**
+     *
+     *
+     * <pre>
+     * The ID of this public key.
+     * Signatures verified by BinAuthz must include the ID of the public key that
+     * can be used to verify them, and that ID must match the contents of this
+     * field exactly.
+     * Additional restrictions on this field can be imposed based on which public
+     * key type is encapsulated. See the documentation on `public_key` cases below
+     * for details.
+     * </pre>
+     *
+     * <code>string id = 2;</code>
+     *
+     * @return The bytes for id.
+     */
+    com.google.protobuf.ByteString getIdBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return Whether the asciiArmoredPgpPublicKey field is set.
+     */
+    boolean hasAsciiArmoredPgpPublicKey();
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return The asciiArmoredPgpPublicKey.
+     */
+    java.lang.String getAsciiArmoredPgpPublicKey();
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return The bytes for asciiArmoredPgpPublicKey.
+     */
+    com.google.protobuf.ByteString getAsciiArmoredPgpPublicKeyBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     *
+     * @return Whether the pkixPublicKey field is set.
+     */
+    boolean hasPkixPublicKey();
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     *
+     * @return The pkixPublicKey.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        getPkixPublicKey();
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKeyOrBuilder
+        getPkixPublicKeyOrBuilder();
+
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+            .PublicKeyCase
+        getPublicKeyCase();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify
+   * attestations signed by this attestor.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.AttestorPublicKey}
+   */
+  public static final class AttestorPublicKey extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.AttestorPublicKey)
+      AttestorPublicKeyOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use AttestorPublicKey.newBuilder() to construct.
+    private AttestorPublicKey(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private AttestorPublicKey() {
+      comment_ = "";
+      id_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new AttestorPublicKey();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private AttestorPublicKey(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                comment_ = s;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                id_ = s;
+                break;
+              }
+            case 26:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                publicKeyCase_ = 3;
+                publicKey_ = s;
+                break;
+              }
+            case 42:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                        .Builder
+                    subBuilder = null;
+                if (publicKeyCase_ == 5) {
+                  subBuilder =
+                      ((com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                  .PkixPublicKey)
+                              publicKey_)
+                          .toBuilder();
+                }
+                publicKey_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                            .PkixPublicKey.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(
+                      (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .PkixPublicKey)
+                          publicKey_);
+                  publicKey_ = subBuilder.buildPartial();
+                }
+                publicKeyCase_ = 5;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+          .internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                  .Builder.class);
+    }
+
+    private int publicKeyCase_ = 0;
+    private java.lang.Object publicKey_;
+
+    public enum PublicKeyCase
+        implements
+            com.google.protobuf.Internal.EnumLite,
+            com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+      ASCII_ARMORED_PGP_PUBLIC_KEY(3),
+      PKIX_PUBLIC_KEY(5),
+      PUBLICKEY_NOT_SET(0);
+      private final int value;
+
+      private PublicKeyCase(int value) {
+        this.value = value;
+      }
+      /**
+       * @param value The number of the enum to look for.
+       * @return The enum associated with the given number.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static PublicKeyCase valueOf(int value) {
+        return forNumber(value);
+      }
+
+      public static PublicKeyCase forNumber(int value) {
+        switch (value) {
+          case 3:
+            return ASCII_ARMORED_PGP_PUBLIC_KEY;
+          case 5:
+            return PKIX_PUBLIC_KEY;
+          case 0:
+            return PUBLICKEY_NOT_SET;
+          default:
+            return null;
+        }
+      }
+
+      public int getNumber() {
+        return this.value;
+      }
+    };
+
+    public PublicKeyCase getPublicKeyCase() {
+      return PublicKeyCase.forNumber(publicKeyCase_);
+    }
+
+    public static final int COMMENT_FIELD_NUMBER = 1;
+    private volatile java.lang.Object comment_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment. This field may be updated.
+     * </pre>
+     *
+     * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The comment.
+     */
+    @java.lang.Override
+    public java.lang.String getComment() {
+      java.lang.Object ref = comment_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        comment_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A descriptive comment. This field may be updated.
+     * </pre>
+     *
+     * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for comment.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getCommentBytes() {
+      java.lang.Object ref = comment_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        comment_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ID_FIELD_NUMBER = 2;
+    private volatile java.lang.Object id_;
+    /**
+     *
+     *
+     * <pre>
+     * The ID of this public key.
+     * Signatures verified by BinAuthz must include the ID of the public key that
+     * can be used to verify them, and that ID must match the contents of this
+     * field exactly.
+     * Additional restrictions on this field can be imposed based on which public
+     * key type is encapsulated. See the documentation on `public_key` cases below
+     * for details.
+     * </pre>
+     *
+     * <code>string id = 2;</code>
+     *
+     * @return The id.
+     */
+    @java.lang.Override
+    public java.lang.String getId() {
+      java.lang.Object ref = id_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        id_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of this public key.
+     * Signatures verified by BinAuthz must include the ID of the public key that
+     * can be used to verify them, and that ID must match the contents of this
+     * field exactly.
+     * Additional restrictions on this field can be imposed based on which public
+     * key type is encapsulated. See the documentation on `public_key` cases below
+     * for details.
+     * </pre>
+     *
+     * <code>string id = 2;</code>
+     *
+     * @return The bytes for id.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getIdBytes() {
+      java.lang.Object ref = id_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        id_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ASCII_ARMORED_PGP_PUBLIC_KEY_FIELD_NUMBER = 3;
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return Whether the asciiArmoredPgpPublicKey field is set.
+     */
+    public boolean hasAsciiArmoredPgpPublicKey() {
+      return publicKeyCase_ == 3;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return The asciiArmoredPgpPublicKey.
+     */
+    public java.lang.String getAsciiArmoredPgpPublicKey() {
+      java.lang.Object ref = "";
+      if (publicKeyCase_ == 3) {
+        ref = publicKey_;
+      }
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        if (publicKeyCase_ == 3) {
+          publicKey_ = s;
+        }
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * ASCII-armored representation of a PGP public key, as the entire output by
+     * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+     * line endings).
+     * When using this field, `id` should be left blank.  The BinAuthz API
+     * handlers will calculate the ID and fill it in automatically.  BinAuthz
+     * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+     * upper-case hex.  If `id` is provided by the caller, it will be
+     * overwritten by the API-calculated ID.
+     * </pre>
+     *
+     * <code>string ascii_armored_pgp_public_key = 3;</code>
+     *
+     * @return The bytes for asciiArmoredPgpPublicKey.
+     */
+    public com.google.protobuf.ByteString getAsciiArmoredPgpPublicKeyBytes() {
+      java.lang.Object ref = "";
+      if (publicKeyCase_ == 3) {
+        ref = publicKey_;
+      }
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        if (publicKeyCase_ == 3) {
+          publicKey_ = b;
+        }
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int PKIX_PUBLIC_KEY_FIELD_NUMBER = 5;
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     *
+     * @return Whether the pkixPublicKey field is set.
+     */
+    @java.lang.Override
+    public boolean hasPkixPublicKey() {
+      return publicKeyCase_ == 5;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     *
+     * @return The pkixPublicKey.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+        getPkixPublicKey() {
+      if (publicKeyCase_ == 5) {
+        return (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+            publicKey_;
+      }
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+          .getDefaultInstance();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A raw PKIX SubjectPublicKeyInfo format public key.
+     * NOTE: `id` may be explicitly provided by the caller when using this
+     * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+     * blank, a default one will be computed based on the digest of the DER
+     * encoding of the public key.
+     * </pre>
+     *
+     * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKeyOrBuilder
+        getPkixPublicKeyOrBuilder() {
+      if (publicKeyCase_ == 5) {
+        return (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+            publicKey_;
+      }
+      return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+          .getDefaultInstance();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getCommentBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, comment_);
+      }
+      if (!getIdBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, id_);
+      }
+      if (publicKeyCase_ == 3) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 3, publicKey_);
+      }
+      if (publicKeyCase_ == 5) {
+        output.writeMessage(
+            5,
+            (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                publicKey_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getCommentBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, comment_);
+      }
+      if (!getIdBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, id_);
+      }
+      if (publicKeyCase_ == 3) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, publicKey_);
+      }
+      if (publicKeyCase_ == 5) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(
+                5,
+                (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                    publicKey_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey) obj;
+
+      if (!getComment().equals(other.getComment())) return false;
+      if (!getId().equals(other.getId())) return false;
+      if (!getPublicKeyCase().equals(other.getPublicKeyCase())) return false;
+      switch (publicKeyCase_) {
+        case 3:
+          if (!getAsciiArmoredPgpPublicKey().equals(other.getAsciiArmoredPgpPublicKey()))
+            return false;
+          break;
+        case 5:
+          if (!getPkixPublicKey().equals(other.getPkixPublicKey())) return false;
+          break;
+        case 0:
+        default:
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + COMMENT_FIELD_NUMBER;
+      hash = (53 * hash) + getComment().hashCode();
+      hash = (37 * hash) + ID_FIELD_NUMBER;
+      hash = (53 * hash) + getId().hashCode();
+      switch (publicKeyCase_) {
+        case 3:
+          hash = (37 * hash) + ASCII_ARMORED_PGP_PUBLIC_KEY_FIELD_NUMBER;
+          hash = (53 * hash) + getAsciiArmoredPgpPublicKey().hashCode();
+          break;
+        case 5:
+          hash = (37 * hash) + PKIX_PUBLIC_KEY_FIELD_NUMBER;
+          hash = (53 * hash) + getPkixPublicKey().hashCode();
+          break;
+        case 0:
+        default:
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify
+     * attestations signed by this attestor.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.AttestorPublicKey}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.AttestorPublicKey)
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKeyOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        comment_ = "";
+
+        id_ = "";
+
+        publicKeyCase_ = 0;
+        publicKey_ = null;
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey(
+                this);
+        result.comment_ = comment_;
+        result.id_ = id_;
+        if (publicKeyCase_ == 3) {
+          result.publicKey_ = publicKey_;
+        }
+        if (publicKeyCase_ == 5) {
+          if (pkixPublicKeyBuilder_ == null) {
+            result.publicKey_ = publicKey_;
+          } else {
+            result.publicKey_ = pkixPublicKeyBuilder_.build();
+          }
+        }
+        result.publicKeyCase_ = publicKeyCase_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+                .getDefaultInstance()) return this;
+        if (!other.getComment().isEmpty()) {
+          comment_ = other.comment_;
+          onChanged();
+        }
+        if (!other.getId().isEmpty()) {
+          id_ = other.id_;
+          onChanged();
+        }
+        switch (other.getPublicKeyCase()) {
+          case ASCII_ARMORED_PGP_PUBLIC_KEY:
+            {
+              publicKeyCase_ = 3;
+              publicKey_ = other.publicKey_;
+              onChanged();
+              break;
+            }
+          case PKIX_PUBLIC_KEY:
+            {
+              mergePkixPublicKey(other.getPkixPublicKey());
+              break;
+            }
+          case PUBLICKEY_NOT_SET:
+            {
+              break;
+            }
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int publicKeyCase_ = 0;
+      private java.lang.Object publicKey_;
+
+      public PublicKeyCase getPublicKeyCase() {
+        return PublicKeyCase.forNumber(publicKeyCase_);
+      }
+
+      public Builder clearPublicKey() {
+        publicKeyCase_ = 0;
+        publicKey_ = null;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object comment_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment. This field may be updated.
+       * </pre>
+       *
+       * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The comment.
+       */
+      public java.lang.String getComment() {
+        java.lang.Object ref = comment_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          comment_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment. This field may be updated.
+       * </pre>
+       *
+       * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The bytes for comment.
+       */
+      public com.google.protobuf.ByteString getCommentBytes() {
+        java.lang.Object ref = comment_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          comment_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment. This field may be updated.
+       * </pre>
+       *
+       * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The comment to set.
+       * @return This builder for chaining.
+       */
+      public Builder setComment(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        comment_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment. This field may be updated.
+       * </pre>
+       *
+       * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearComment() {
+
+        comment_ = getDefaultInstance().getComment();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A descriptive comment. This field may be updated.
+       * </pre>
+       *
+       * <code>string comment = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The bytes for comment to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCommentBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        comment_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object id_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The ID of this public key.
+       * Signatures verified by BinAuthz must include the ID of the public key that
+       * can be used to verify them, and that ID must match the contents of this
+       * field exactly.
+       * Additional restrictions on this field can be imposed based on which public
+       * key type is encapsulated. See the documentation on `public_key` cases below
+       * for details.
+       * </pre>
+       *
+       * <code>string id = 2;</code>
+       *
+       * @return The id.
+       */
+      public java.lang.String getId() {
+        java.lang.Object ref = id_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          id_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The ID of this public key.
+       * Signatures verified by BinAuthz must include the ID of the public key that
+       * can be used to verify them, and that ID must match the contents of this
+       * field exactly.
+       * Additional restrictions on this field can be imposed based on which public
+       * key type is encapsulated. See the documentation on `public_key` cases below
+       * for details.
+       * </pre>
+       *
+       * <code>string id = 2;</code>
+       *
+       * @return The bytes for id.
+       */
+      public com.google.protobuf.ByteString getIdBytes() {
+        java.lang.Object ref = id_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          id_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The ID of this public key.
+       * Signatures verified by BinAuthz must include the ID of the public key that
+       * can be used to verify them, and that ID must match the contents of this
+       * field exactly.
+       * Additional restrictions on this field can be imposed based on which public
+       * key type is encapsulated. See the documentation on `public_key` cases below
+       * for details.
+       * </pre>
+       *
+       * <code>string id = 2;</code>
+       *
+       * @param value The id to set.
+       * @return This builder for chaining.
+       */
+      public Builder setId(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        id_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The ID of this public key.
+       * Signatures verified by BinAuthz must include the ID of the public key that
+       * can be used to verify them, and that ID must match the contents of this
+       * field exactly.
+       * Additional restrictions on this field can be imposed based on which public
+       * key type is encapsulated. See the documentation on `public_key` cases below
+       * for details.
+       * </pre>
+       *
+       * <code>string id = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearId() {
+
+        id_ = getDefaultInstance().getId();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The ID of this public key.
+       * Signatures verified by BinAuthz must include the ID of the public key that
+       * can be used to verify them, and that ID must match the contents of this
+       * field exactly.
+       * Additional restrictions on this field can be imposed based on which public
+       * key type is encapsulated. See the documentation on `public_key` cases below
+       * for details.
+       * </pre>
+       *
+       * <code>string id = 2;</code>
+       *
+       * @param value The bytes for id to set.
+       * @return This builder for chaining.
+       */
+      public Builder setIdBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        id_ = value;
+        onChanged();
+        return this;
+      }
+
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @return Whether the asciiArmoredPgpPublicKey field is set.
+       */
+      @java.lang.Override
+      public boolean hasAsciiArmoredPgpPublicKey() {
+        return publicKeyCase_ == 3;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @return The asciiArmoredPgpPublicKey.
+       */
+      @java.lang.Override
+      public java.lang.String getAsciiArmoredPgpPublicKey() {
+        java.lang.Object ref = "";
+        if (publicKeyCase_ == 3) {
+          ref = publicKey_;
+        }
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          if (publicKeyCase_ == 3) {
+            publicKey_ = s;
+          }
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @return The bytes for asciiArmoredPgpPublicKey.
+       */
+      @java.lang.Override
+      public com.google.protobuf.ByteString getAsciiArmoredPgpPublicKeyBytes() {
+        java.lang.Object ref = "";
+        if (publicKeyCase_ == 3) {
+          ref = publicKey_;
+        }
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          if (publicKeyCase_ == 3) {
+            publicKey_ = b;
+          }
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @param value The asciiArmoredPgpPublicKey to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAsciiArmoredPgpPublicKey(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        publicKeyCase_ = 3;
+        publicKey_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearAsciiArmoredPgpPublicKey() {
+        if (publicKeyCase_ == 3) {
+          publicKeyCase_ = 0;
+          publicKey_ = null;
+          onChanged();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * ASCII-armored representation of a PGP public key, as the entire output by
+       * the command `gpg --export --armor foo&#64;example.com` (either LF or CRLF
+       * line endings).
+       * When using this field, `id` should be left blank.  The BinAuthz API
+       * handlers will calculate the ID and fill it in automatically.  BinAuthz
+       * computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+       * upper-case hex.  If `id` is provided by the caller, it will be
+       * overwritten by the API-calculated ID.
+       * </pre>
+       *
+       * <code>string ascii_armored_pgp_public_key = 3;</code>
+       *
+       * @param value The bytes for asciiArmoredPgpPublicKey to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAsciiArmoredPgpPublicKeyBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        publicKeyCase_ = 3;
+        publicKey_ = value;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .PkixPublicKeyOrBuilder>
+          pkixPublicKeyBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       *
+       * @return Whether the pkixPublicKey field is set.
+       */
+      @java.lang.Override
+      public boolean hasPkixPublicKey() {
+        return publicKeyCase_ == 5;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       *
+       * @return The pkixPublicKey.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+          getPkixPublicKey() {
+        if (pkixPublicKeyBuilder_ == null) {
+          if (publicKeyCase_ == 5) {
+            return (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                publicKey_;
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .getDefaultInstance();
+        } else {
+          if (publicKeyCase_ == 5) {
+            return pkixPublicKeyBuilder_.getMessage();
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .getDefaultInstance();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      public Builder setPkixPublicKey(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey value) {
+        if (pkixPublicKeyBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          publicKey_ = value;
+          onChanged();
+        } else {
+          pkixPublicKeyBuilder_.setMessage(value);
+        }
+        publicKeyCase_ = 5;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      public Builder setPkixPublicKey(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.Builder
+              builderForValue) {
+        if (pkixPublicKeyBuilder_ == null) {
+          publicKey_ = builderForValue.build();
+          onChanged();
+        } else {
+          pkixPublicKeyBuilder_.setMessage(builderForValue.build());
+        }
+        publicKeyCase_ = 5;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      public Builder mergePkixPublicKey(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey value) {
+        if (pkixPublicKeyBuilder_ == null) {
+          if (publicKeyCase_ == 5
+              && publicKey_
+                  != com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                      .getDefaultInstance()) {
+            publicKey_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                    .newBuilder(
+                        (com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                                .PkixPublicKey)
+                            publicKey_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            publicKey_ = value;
+          }
+          onChanged();
+        } else {
+          if (publicKeyCase_ == 5) {
+            pkixPublicKeyBuilder_.mergeFrom(value);
+          }
+          pkixPublicKeyBuilder_.setMessage(value);
+        }
+        publicKeyCase_ = 5;
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      public Builder clearPkixPublicKey() {
+        if (pkixPublicKeyBuilder_ == null) {
+          if (publicKeyCase_ == 5) {
+            publicKeyCase_ = 0;
+            publicKey_ = null;
+            onChanged();
+          }
+        } else {
+          if (publicKeyCase_ == 5) {
+            publicKeyCase_ = 0;
+            publicKey_ = null;
+          }
+          pkixPublicKeyBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.Builder
+          getPkixPublicKeyBuilder() {
+        return getPkixPublicKeyFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKeyOrBuilder
+          getPkixPublicKeyOrBuilder() {
+        if ((publicKeyCase_ == 5) && (pkixPublicKeyBuilder_ != null)) {
+          return pkixPublicKeyBuilder_.getMessageOrBuilder();
+        } else {
+          if (publicKeyCase_ == 5) {
+            return (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                publicKey_;
+          }
+          return com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+              .getDefaultInstance();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A raw PKIX SubjectPublicKeyInfo format public key.
+       * NOTE: `id` may be explicitly provided by the caller when using this
+       * type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+       * blank, a default one will be computed based on the digest of the DER
+       * encoding of the public key.
+       * </pre>
+       *
+       * <code>.google.cloud.binaryauthorization.v1.PkixPublicKey pkix_public_key = 5;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                  .PkixPublicKeyOrBuilder>
+          getPkixPublicKeyFieldBuilder() {
+        if (pkixPublicKeyBuilder_ == null) {
+          if (!(publicKeyCase_ == 5)) {
+            publicKey_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                    .getDefaultInstance();
+          }
+          pkixPublicKeyBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey
+                      .Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .PkixPublicKeyOrBuilder>(
+                  (com.google.protos.google.cloud.binaryauthorization.v1.Resources.PkixPublicKey)
+                      publicKey_,
+                  getParentForChildren(),
+                  isClean());
+          publicKey_ = null;
+        }
+        publicKeyCase_ = 5;
+        onChanged();
+        ;
+        return pkixPublicKeyBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.AttestorPublicKey)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.AttestorPublicKey)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Resources
+            .AttestorPublicKey
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<AttestorPublicKey> PARSER =
+        new com.google.protobuf.AbstractParser<AttestorPublicKey>() {
+          @java.lang.Override
+          public AttestorPublicKey parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new AttestorPublicKey(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<AttestorPublicKey> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<AttestorPublicKey> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorPublicKey
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Policy_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_Attestor_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n3google/cloud/binaryauthorization/v1/re"
+          + "sources.proto\022#google.cloud.binaryauthor"
+          + "ization.v1\032\037google/api/field_behavior.pr"
+          + "oto\032\031google/api/resource.proto\032\037google/p"
+          + "rotobuf/timestamp.proto\032\034google/api/anno"
+          + "tations.proto\"\370\014\n\006Policy\022\021\n\004name\030\001 \001(\tB\003"
+          + "\340A\003\022\030\n\013description\030\006 \001(\tB\003\340A\001\022r\n\035global_"
+          + "policy_evaluation_mode\030\007 \001(\0162F.google.cl"
+          + "oud.binaryauthorization.v1.Policy.Global"
+          + "PolicyEvaluationModeB\003\340A\001\022i\n\034admission_w"
+          + "hitelist_patterns\030\002 \003(\0132>.google.cloud.b"
+          + "inaryauthorization.v1.AdmissionWhitelist"
+          + "PatternB\003\340A\001\022l\n\027cluster_admission_rules\030"
+          + "\003 \003(\0132F.google.cloud.binaryauthorization"
+          + ".v1.Policy.ClusterAdmissionRulesEntryB\003\340"
+          + "A\001\022\205\001\n$kubernetes_namespace_admission_ru"
+          + "les\030\n \003(\0132R.google.cloud.binaryauthoriza"
+          + "tion.v1.Policy.KubernetesNamespaceAdmiss"
+          + "ionRulesEntryB\003\340A\001\022\220\001\n*kubernetes_servic"
+          + "e_account_admission_rules\030\010 \003(\0132W.google"
+          + ".cloud.binaryauthorization.v1.Policy.Kub"
+          + "ernetesServiceAccountAdmissionRulesEntry"
+          + "B\003\340A\001\022\210\001\n&istio_service_identity_admissi"
+          + "on_rules\030\t \003(\0132S.google.cloud.binaryauth"
+          + "orization.v1.Policy.IstioServiceIdentity"
+          + "AdmissionRulesEntryB\003\340A\001\022W\n\026default_admi"
+          + "ssion_rule\030\004 \001(\01322.google.cloud.binaryau"
+          + "thorization.v1.AdmissionRuleB\003\340A\002\0224\n\013upd"
+          + "ate_time\030\005 \001(\0132\032.google.protobuf.Timesta"
+          + "mpB\003\340A\003\032p\n\032ClusterAdmissionRulesEntry\022\013\n"
+          + "\003key\030\001 \001(\t\022A\n\005value\030\002 \001(\01322.google.cloud"
+          + ".binaryauthorization.v1.AdmissionRule:\0028"
+          + "\001\032|\n&KubernetesNamespaceAdmissionRulesEn"
+          + "try\022\013\n\003key\030\001 \001(\t\022A\n\005value\030\002 \001(\01322.google"
+          + ".cloud.binaryauthorization.v1.AdmissionR"
+          + "ule:\0028\001\032\201\001\n+KubernetesServiceAccountAdmi"
+          + "ssionRulesEntry\022\013\n\003key\030\001 \001(\t\022A\n\005value\030\002 "
+          + "\001(\01322.google.cloud.binaryauthorization.v"
+          + "1.AdmissionRule:\0028\001\032}\n\'IstioServiceIdent"
+          + "ityAdmissionRulesEntry\022\013\n\003key\030\001 \001(\t\022A\n\005v"
+          + "alue\030\002 \001(\01322.google.cloud.binaryauthoriz"
+          + "ation.v1.AdmissionRule:\0028\001\"d\n\032GlobalPoli"
+          + "cyEvaluationMode\022-\n)GLOBAL_POLICY_EVALUA"
+          + "TION_MODE_UNSPECIFIED\020\000\022\n\n\006ENABLE\020\001\022\013\n\007D"
+          + "ISABLE\020\002:f\352Ac\n)binaryauthorization.googl"
+          + "eapis.com/Policy\022\031projects/{project}/pol"
+          + "icy\022\033locations/{location}/policy\"1\n\031Admi"
+          + "ssionWhitelistPattern\022\024\n\014name_pattern\030\001 "
+          + "\001(\t\"\332\003\n\rAdmissionRule\022_\n\017evaluation_mode"
+          + "\030\001 \001(\0162A.google.cloud.binaryauthorizatio"
+          + "n.v1.AdmissionRule.EvaluationModeB\003\340A\002\022$"
+          + "\n\027require_attestations_by\030\002 \003(\tB\003\340A\001\022a\n\020"
+          + "enforcement_mode\030\003 \001(\0162B.google.cloud.bi"
+          + "naryauthorization.v1.AdmissionRule.Enfor"
+          + "cementModeB\003\340A\002\"m\n\016EvaluationMode\022\037\n\033EVA"
+          + "LUATION_MODE_UNSPECIFIED\020\000\022\020\n\014ALWAYS_ALL"
+          + "OW\020\001\022\027\n\023REQUIRE_ATTESTATION\020\002\022\017\n\013ALWAYS_"
+          + "DENY\020\003\"p\n\017EnforcementMode\022 \n\034ENFORCEMENT"
+          + "_MODE_UNSPECIFIED\020\000\022 \n\034ENFORCED_BLOCK_AN"
+          + "D_AUDIT_LOG\020\001\022\031\n\025DRYRUN_AUDIT_LOG_ONLY\020\002"
+          + "\"\267\002\n\010Attestor\022\021\n\004name\030\001 \001(\tB\003\340A\002\022\030\n\013desc"
+          + "ription\030\006 \001(\tB\003\340A\001\022\\\n\027user_owned_grafeas"
+          + "_note\030\003 \001(\01329.google.cloud.binaryauthori"
+          + "zation.v1.UserOwnedGrafeasNoteH\000\0224\n\013upda"
+          + "te_time\030\004 \001(\0132\032.google.protobuf.Timestam"
+          + "pB\003\340A\003:Y\352AV\n+binaryauthorization.googlea"
+          + "pis.com/Attestor\022\'projects/{project}/att"
+          + "estors/{attestor}B\017\n\rattestor_type\"\264\001\n\024U"
+          + "serOwnedGrafeasNote\022\033\n\016note_reference\030\001 "
+          + "\001(\tB\003\340A\002\022P\n\013public_keys\030\002 \003(\01326.google.c"
+          + "loud.binaryauthorization.v1.AttestorPubl"
+          + "icKeyB\003\340A\001\022-\n delegation_service_account"
+          + "_email\030\003 \001(\tB\003\340A\003\"\277\004\n\rPkixPublicKey\022\026\n\016p"
+          + "ublic_key_pem\030\001 \001(\t\022b\n\023signature_algorit"
+          + "hm\030\002 \001(\0162E.google.cloud.binaryauthorizat"
+          + "ion.v1.PkixPublicKey.SignatureAlgorithm\""
+          + "\261\003\n\022SignatureAlgorithm\022#\n\037SIGNATURE_ALGO"
+          + "RITHM_UNSPECIFIED\020\000\022\027\n\023RSA_PSS_2048_SHA2"
+          + "56\020\001\022\027\n\023RSA_PSS_3072_SHA256\020\002\022\027\n\023RSA_PSS"
+          + "_4096_SHA256\020\003\022\027\n\023RSA_PSS_4096_SHA512\020\004\022"
+          + "\036\n\032RSA_SIGN_PKCS1_2048_SHA256\020\005\022\036\n\032RSA_S"
+          + "IGN_PKCS1_3072_SHA256\020\006\022\036\n\032RSA_SIGN_PKCS"
+          + "1_4096_SHA256\020\007\022\036\n\032RSA_SIGN_PKCS1_4096_S"
+          + "HA512\020\010\022\025\n\021ECDSA_P256_SHA256\020\t\022\027\n\023EC_SIG"
+          + "N_P256_SHA256\020\t\022\025\n\021ECDSA_P384_SHA384\020\n\022\027"
+          + "\n\023EC_SIGN_P384_SHA384\020\n\022\025\n\021ECDSA_P521_SH"
+          + "A512\020\013\022\027\n\023EC_SIGN_P521_SHA512\020\013\032\002\020\001\"\272\001\n\021"
+          + "AttestorPublicKey\022\024\n\007comment\030\001 \001(\tB\003\340A\001\022"
+          + "\n\n\002id\030\002 \001(\t\022&\n\034ascii_armored_pgp_public_"
+          + "key\030\003 \001(\tH\000\022M\n\017pkix_public_key\030\005 \001(\01322.g"
+          + "oogle.cloud.binaryauthorization.v1.PkixP"
+          + "ublicKeyH\000B\014\n\npublic_keyB\211\002\n5com.google."
+          + "protos.google.cloud.binaryauthorization."
+          + "v1P\000ZVgoogle.golang.org/genproto/googlea"
+          + "pis/cloud/binaryauthorization/v1;binarya"
+          + "uthorization\370\001\001\252\002#Google.Cloud.BinaryAut"
+          + "horization.V1\312\002#Google\\Cloud\\BinaryAutho"
+          + "rization\\V1\352\002&Google::Cloud::BinaryAutho"
+          + "rization::V1b\006proto3"
+    };
+    descriptor =
+        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+            descriptorData,
+            new com.google.protobuf.Descriptors.FileDescriptor[] {
+              com.google.api.FieldBehaviorProto.getDescriptor(),
+              com.google.api.ResourceProto.getDescriptor(),
+              com.google.protobuf.TimestampProto.getDescriptor(),
+              com.google.api.AnnotationsProto.getDescriptor(),
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor =
+        getDescriptor().getMessageTypes().get(0);
+    internal_static_google_cloud_binaryauthorization_v1_Policy_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor,
+            new java.lang.String[] {
+              "Name",
+              "Description",
+              "GlobalPolicyEvaluationMode",
+              "AdmissionWhitelistPatterns",
+              "ClusterAdmissionRules",
+              "KubernetesNamespaceAdmissionRules",
+              "KubernetesServiceAccountAdmissionRules",
+              "IstioServiceIdentityAdmissionRules",
+              "DefaultAdmissionRule",
+              "UpdateTime",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_descriptor =
+        internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Policy_ClusterAdmissionRulesEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_descriptor =
+        internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesNamespaceAdmissionRulesEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_descriptor =
+        internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor
+            .getNestedTypes()
+            .get(2);
+    internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Policy_KubernetesServiceAccountAdmissionRulesEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_descriptor =
+        internal_static_google_cloud_binaryauthorization_v1_Policy_descriptor
+            .getNestedTypes()
+            .get(3);
+    internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Policy_IstioServiceIdentityAdmissionRulesEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor =
+        getDescriptor().getMessageTypes().get(1);
+    internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_AdmissionWhitelistPattern_descriptor,
+            new java.lang.String[] {
+              "NamePattern",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor =
+        getDescriptor().getMessageTypes().get(2);
+    internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_AdmissionRule_descriptor,
+            new java.lang.String[] {
+              "EvaluationMode", "RequireAttestationsBy", "EnforcementMode",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor =
+        getDescriptor().getMessageTypes().get(3);
+    internal_static_google_cloud_binaryauthorization_v1_Attestor_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_Attestor_descriptor,
+            new java.lang.String[] {
+              "Name", "Description", "UserOwnedGrafeasNote", "UpdateTime", "AttestorType",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor =
+        getDescriptor().getMessageTypes().get(4);
+    internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_UserOwnedGrafeasNote_descriptor,
+            new java.lang.String[] {
+              "NoteReference", "PublicKeys", "DelegationServiceAccountEmail",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor =
+        getDescriptor().getMessageTypes().get(5);
+    internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_PkixPublicKey_descriptor,
+            new java.lang.String[] {
+              "PublicKeyPem", "SignatureAlgorithm",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor =
+        getDescriptor().getMessageTypes().get(6);
+    internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_AttestorPublicKey_descriptor,
+            new java.lang.String[] {
+              "Comment", "Id", "AsciiArmoredPgpPublicKey", "PkixPublicKey", "PublicKey",
+            });
+    com.google.protobuf.ExtensionRegistry registry =
+        com.google.protobuf.ExtensionRegistry.newInstance();
+    registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
+    registry.add(com.google.api.ResourceProto.resource);
+    com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
+        descriptor, registry);
+    com.google.api.FieldBehaviorProto.getDescriptor();
+    com.google.api.ResourceProto.getDescriptor();
+    com.google.protobuf.TimestampProto.getDescriptor();
+    com.google.api.AnnotationsProto.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Service.java b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Service.java
new file mode 100644
index 00000000..ee36ba6e
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/java/com/google/protos/google/cloud/binaryauthorization/v1/Service.java
@@ -0,0 +1,11272 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/binaryauthorization/v1/service.proto
+
+package com.google.protos.google.cloud.binaryauthorization.v1;
+
+public final class Service {
+  private Service() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  public interface GetPolicyRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.GetPolicyRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+     * in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+     * in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.GetPolicy][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.GetPolicyRequest}
+   */
+  public static final class GetPolicyRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.GetPolicyRequest)
+      GetPolicyRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use GetPolicyRequest.newBuilder() to construct.
+    private GetPolicyRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private GetPolicyRequest() {
+      name_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new GetPolicyRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private GetPolicyRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest.Builder
+                  .class);
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+     * in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+     * in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest) obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.GetPolicy][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.GetPolicyRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.GetPolicyRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest(
+                this);
+        result.name_ = name_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+       * in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+       * in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+       * in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+       * in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+       * in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.GetPolicyRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.GetPolicyRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetPolicyRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<GetPolicyRequest> PARSER =
+        new com.google.protobuf.AbstractParser<GetPolicyRequest>() {
+          @java.lang.Override
+          public GetPolicyRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new GetPolicyRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<GetPolicyRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<GetPolicyRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetPolicyRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface UpdatePolicyRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.UpdatePolicyRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the policy field is set.
+     */
+    boolean hasPolicy();
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The policy.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy getPolicy();
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder
+        getPolicyOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.UpdatePolicy][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.UpdatePolicyRequest}
+   */
+  public static final class UpdatePolicyRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.UpdatePolicyRequest)
+      UpdatePolicyRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use UpdatePolicyRequest.newBuilder() to construct.
+    private UpdatePolicyRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private UpdatePolicyRequest() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new UpdatePolicyRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private UpdatePolicyRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder
+                    subBuilder = null;
+                if (policy_ != null) {
+                  subBuilder = policy_.toBuilder();
+                }
+                policy_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(policy_);
+                  policy_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                  .Builder.class);
+    }
+
+    public static final int POLICY_FIELD_NUMBER = 1;
+    private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy policy_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the policy field is set.
+     */
+    @java.lang.Override
+    public boolean hasPolicy() {
+      return policy_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The policy.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy getPolicy() {
+      return policy_ == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+              .getDefaultInstance()
+          : policy_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+     * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+     * the request URL, in the format `projects/&#42;&#47;policy`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder
+        getPolicyOrBuilder() {
+      return getPolicy();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (policy_ != null) {
+        output.writeMessage(1, getPolicy());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (policy_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getPolicy());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest) obj;
+
+      if (hasPolicy() != other.hasPolicy()) return false;
+      if (hasPolicy()) {
+        if (!getPolicy().equals(other.getPolicy())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (hasPolicy()) {
+        hash = (37 * hash) + POLICY_FIELD_NUMBER;
+        hash = (53 * hash) + getPolicy().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.UpdatePolicy][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.UpdatePolicyRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.UpdatePolicyRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (policyBuilder_ == null) {
+          policy_ = null;
+        } else {
+          policy_ = null;
+          policyBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest(
+                this);
+        if (policyBuilder_ == null) {
+          result.policy_ = policy_;
+        } else {
+          result.policy_ = policyBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+                .getDefaultInstance()) return this;
+        if (other.hasPolicy()) {
+          mergePolicy(other.getPolicy());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy policy_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder>
+          policyBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the policy field is set.
+       */
+      public boolean hasPolicy() {
+        return policyBuilder_ != null || policy_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The policy.
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy getPolicy() {
+        if (policyBuilder_ == null) {
+          return policy_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                  .getDefaultInstance()
+              : policy_;
+        } else {
+          return policyBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setPolicy(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy value) {
+        if (policyBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          policy_ = value;
+          onChanged();
+        } else {
+          policyBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setPolicy(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder
+              builderForValue) {
+        if (policyBuilder_ == null) {
+          policy_ = builderForValue.build();
+          onChanged();
+        } else {
+          policyBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergePolicy(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy value) {
+        if (policyBuilder_ == null) {
+          if (policy_ != null) {
+            policy_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.newBuilder(
+                        policy_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            policy_ = value;
+          }
+          onChanged();
+        } else {
+          policyBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearPolicy() {
+        if (policyBuilder_ == null) {
+          policy_ = null;
+          onChanged();
+        } else {
+          policy_ = null;
+          policyBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder
+          getPolicyBuilder() {
+
+        onChanged();
+        return getPolicyFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder
+          getPolicyOrBuilder() {
+        if (policyBuilder_ != null) {
+          return policyBuilder_.getMessageOrBuilder();
+        } else {
+          return policy_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy
+                  .getDefaultInstance()
+              : policy_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+       * overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+       * the request URL, in the format `projects/&#42;&#47;policy`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Policy policy = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder>
+          getPolicyFieldBuilder() {
+        if (policyBuilder_ == null) {
+          policyBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Policy.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.PolicyOrBuilder>(
+                  getPolicy(), getParentForChildren(), isClean());
+          policy_ = null;
+        }
+        return policyBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.UpdatePolicyRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.UpdatePolicyRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdatePolicyRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<UpdatePolicyRequest> PARSER =
+        new com.google.protobuf.AbstractParser<UpdatePolicyRequest>() {
+          @java.lang.Override
+          public UpdatePolicyRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new UpdatePolicyRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<UpdatePolicyRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<UpdatePolicyRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdatePolicyRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface CreateAttestorRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.CreateAttestorRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    java.lang.String getParent();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    com.google.protobuf.ByteString getParentBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+     * </pre>
+     *
+     * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The attestorId.
+     */
+    java.lang.String getAttestorId();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+     * </pre>
+     *
+     * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for attestorId.
+     */
+    com.google.protobuf.ByteString getAttestorIdBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestor field is set.
+     */
+    boolean hasAttestor();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestor.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestor();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.CreateAttestor][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.CreateAttestorRequest}
+   */
+  public static final class CreateAttestorRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.CreateAttestorRequest)
+      CreateAttestorRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use CreateAttestorRequest.newBuilder() to construct.
+    private CreateAttestorRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private CreateAttestorRequest() {
+      parent_ = "";
+      attestorId_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new CreateAttestorRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private CreateAttestorRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                parent_ = s;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                attestorId_ = s;
+                break;
+              }
+            case 26:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+                    subBuilder = null;
+                if (attestor_ != null) {
+                  subBuilder = attestor_.toBuilder();
+                }
+                attestor_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(attestor_);
+                  attestor_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                  .Builder.class);
+    }
+
+    public static final int PARENT_FIELD_NUMBER = 1;
+    private volatile java.lang.Object parent_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    @java.lang.Override
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ATTESTOR_ID_FIELD_NUMBER = 2;
+    private volatile java.lang.Object attestorId_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+     * </pre>
+     *
+     * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The attestorId.
+     */
+    @java.lang.Override
+    public java.lang.String getAttestorId() {
+      java.lang.Object ref = attestorId_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        attestorId_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+     * </pre>
+     *
+     * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for attestorId.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getAttestorIdBytes() {
+      java.lang.Object ref = attestorId_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        attestorId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ATTESTOR_FIELD_NUMBER = 3;
+    private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor attestor_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestor field is set.
+     */
+    @java.lang.Override
+    public boolean hasAttestor() {
+      return attestor_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestor.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestor() {
+      return attestor_ == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+              .getDefaultInstance()
+          : attestor_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+     * in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorOrBuilder() {
+      return getAttestor();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getParentBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+      }
+      if (!getAttestorIdBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, attestorId_);
+      }
+      if (attestor_ != null) {
+        output.writeMessage(3, getAttestor());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getParentBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+      }
+      if (!getAttestorIdBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, attestorId_);
+      }
+      if (attestor_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getAttestor());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest) obj;
+
+      if (!getParent().equals(other.getParent())) return false;
+      if (!getAttestorId().equals(other.getAttestorId())) return false;
+      if (hasAttestor() != other.hasAttestor()) return false;
+      if (hasAttestor()) {
+        if (!getAttestor().equals(other.getAttestor())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + PARENT_FIELD_NUMBER;
+      hash = (53 * hash) + getParent().hashCode();
+      hash = (37 * hash) + ATTESTOR_ID_FIELD_NUMBER;
+      hash = (53 * hash) + getAttestorId().hashCode();
+      if (hasAttestor()) {
+        hash = (37 * hash) + ATTESTOR_FIELD_NUMBER;
+        hash = (53 * hash) + getAttestor().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.CreateAttestor][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.CreateAttestorRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.CreateAttestorRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        parent_ = "";
+
+        attestorId_ = "";
+
+        if (attestorBuilder_ == null) {
+          attestor_ = null;
+        } else {
+          attestor_ = null;
+          attestorBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest(
+                this);
+        result.parent_ = parent_;
+        result.attestorId_ = attestorId_;
+        if (attestorBuilder_ == null) {
+          result.attestor_ = attestor_;
+        } else {
+          result.attestor_ = attestorBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+                .getDefaultInstance()) return this;
+        if (!other.getParent().isEmpty()) {
+          parent_ = other.parent_;
+          onChanged();
+        }
+        if (!other.getAttestorId().isEmpty()) {
+          attestorId_ = other.attestorId_;
+          onChanged();
+        }
+        if (other.hasAttestor()) {
+          mergeAttestor(other.getAttestor());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object parent_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The parent.
+       */
+      public java.lang.String getParent() {
+        java.lang.Object ref = parent_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          parent_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for parent.
+       */
+      public com.google.protobuf.ByteString getParentBytes() {
+        java.lang.Object ref = parent_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          parent_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The parent to set.
+       * @return This builder for chaining.
+       */
+      public Builder setParent(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        parent_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearParent() {
+
+        parent_ = getDefaultInstance().getParent();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for parent to set.
+       * @return This builder for chaining.
+       */
+      public Builder setParentBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        parent_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object attestorId_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+       * </pre>
+       *
+       * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The attestorId.
+       */
+      public java.lang.String getAttestorId() {
+        java.lang.Object ref = attestorId_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          attestorId_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+       * </pre>
+       *
+       * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for attestorId.
+       */
+      public com.google.protobuf.ByteString getAttestorIdBytes() {
+        java.lang.Object ref = attestorId_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          attestorId_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+       * </pre>
+       *
+       * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The attestorId to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAttestorId(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        attestorId_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+       * </pre>
+       *
+       * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearAttestorId() {
+
+        attestorId_ = getDefaultInstance().getAttestorId();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+       * </pre>
+       *
+       * <code>string attestor_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for attestorId to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAttestorIdBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        attestorId_ = value;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor attestor_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          attestorBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the attestor field is set.
+       */
+      public boolean hasAttestor() {
+        return attestorBuilder_ != null || attestor_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The attestor.
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+          getAttestor() {
+        if (attestorBuilder_ == null) {
+          return attestor_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                  .getDefaultInstance()
+              : attestor_;
+        } else {
+          return attestorBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          attestor_ = value;
+          onChanged();
+        } else {
+          attestorBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+              builderForValue) {
+        if (attestorBuilder_ == null) {
+          attestor_ = builderForValue.build();
+          onChanged();
+        } else {
+          attestorBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergeAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorBuilder_ == null) {
+          if (attestor_ != null) {
+            attestor_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.newBuilder(
+                        attestor_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            attestor_ = value;
+          }
+          onChanged();
+        } else {
+          attestorBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearAttestor() {
+        if (attestorBuilder_ == null) {
+          attestor_ = null;
+          onChanged();
+        } else {
+          attestor_ = null;
+          attestorBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+          getAttestorBuilder() {
+
+        onChanged();
+        return getAttestorFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+          getAttestorOrBuilder() {
+        if (attestorBuilder_ != null) {
+          return attestorBuilder_.getMessageOrBuilder();
+        } else {
+          return attestor_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                  .getDefaultInstance()
+              : attestor_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+       * in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 3 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          getAttestorFieldBuilder() {
+        if (attestorBuilder_ == null) {
+          attestorBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorOrBuilder>(getAttestor(), getParentForChildren(), isClean());
+          attestor_ = null;
+        }
+        return attestorBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.CreateAttestorRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.CreateAttestorRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .CreateAttestorRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<CreateAttestorRequest> PARSER =
+        new com.google.protobuf.AbstractParser<CreateAttestorRequest>() {
+          @java.lang.Override
+          public CreateAttestorRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new CreateAttestorRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<CreateAttestorRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<CreateAttestorRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.CreateAttestorRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface GetAttestorRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.GetAttestorRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.GetAttestor][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.GetAttestorRequest}
+   */
+  public static final class GetAttestorRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.GetAttestorRequest)
+      GetAttestorRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use GetAttestorRequest.newBuilder() to construct.
+    private GetAttestorRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private GetAttestorRequest() {
+      name_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new GetAttestorRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private GetAttestorRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                  .Builder.class);
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest) obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.GetAttestor][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.GetAttestorRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.GetAttestorRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest(
+                this);
+        result.name_ = name_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.GetAttestorRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.GetAttestorRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetAttestorRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<GetAttestorRequest> PARSER =
+        new com.google.protobuf.AbstractParser<GetAttestorRequest>() {
+          @java.lang.Override
+          public GetAttestorRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new GetAttestorRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<GetAttestorRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<GetAttestorRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetAttestorRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface UpdateAttestorRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.UpdateAttestorRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestor field is set.
+     */
+    boolean hasAttestor();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestor.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestor();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.UpdateAttestor][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.UpdateAttestorRequest}
+   */
+  public static final class UpdateAttestorRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.UpdateAttestorRequest)
+      UpdateAttestorRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use UpdateAttestorRequest.newBuilder() to construct.
+    private UpdateAttestorRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private UpdateAttestorRequest() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new UpdateAttestorRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private UpdateAttestorRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+                    subBuilder = null;
+                if (attestor_ != null) {
+                  subBuilder = attestor_.toBuilder();
+                }
+                attestor_ =
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(attestor_);
+                  attestor_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                  .Builder.class);
+    }
+
+    public static final int ATTESTOR_FIELD_NUMBER = 1;
+    private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor attestor_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestor field is set.
+     */
+    @java.lang.Override
+    public boolean hasAttestor() {
+      return attestor_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestor.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestor() {
+      return attestor_ == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+              .getDefaultInstance()
+          : attestor_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+     * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+     * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorOrBuilder() {
+      return getAttestor();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (attestor_ != null) {
+        output.writeMessage(1, getAttestor());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (attestor_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getAttestor());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest) obj;
+
+      if (hasAttestor() != other.hasAttestor()) return false;
+      if (hasAttestor()) {
+        if (!getAttestor().equals(other.getAttestor())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (hasAttestor()) {
+        hash = (37 * hash) + ATTESTOR_FIELD_NUMBER;
+        hash = (53 * hash) + getAttestor().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.UpdateAttestor][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.UpdateAttestorRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.UpdateAttestorRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (attestorBuilder_ == null) {
+          attestor_ = null;
+        } else {
+          attestor_ = null;
+          attestorBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest(
+                this);
+        if (attestorBuilder_ == null) {
+          result.attestor_ = attestor_;
+        } else {
+          result.attestor_ = attestorBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+                .getDefaultInstance()) return this;
+        if (other.hasAttestor()) {
+          mergeAttestor(other.getAttestor());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor attestor_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          attestorBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the attestor field is set.
+       */
+      public boolean hasAttestor() {
+        return attestorBuilder_ != null || attestor_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The attestor.
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+          getAttestor() {
+        if (attestorBuilder_ == null) {
+          return attestor_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                  .getDefaultInstance()
+              : attestor_;
+        } else {
+          return attestorBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          attestor_ = value;
+          onChanged();
+        } else {
+          attestorBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+              builderForValue) {
+        if (attestorBuilder_ == null) {
+          attestor_ = builderForValue.build();
+          onChanged();
+        } else {
+          attestorBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergeAttestor(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorBuilder_ == null) {
+          if (attestor_ != null) {
+            attestor_ =
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.newBuilder(
+                        attestor_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            attestor_ = value;
+          }
+          onChanged();
+        } else {
+          attestorBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearAttestor() {
+        if (attestorBuilder_ == null) {
+          attestor_ = null;
+          onChanged();
+        } else {
+          attestor_ = null;
+          attestorBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+          getAttestorBuilder() {
+
+        onChanged();
+        return getAttestorFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+          getAttestorOrBuilder() {
+        if (attestorBuilder_ != null) {
+          return attestorBuilder_.getMessageOrBuilder();
+        } else {
+          return attestor_ == null
+              ? com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                  .getDefaultInstance()
+              : attestor_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+       * overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+       * in the request URL, in the format `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.Attestor attestor = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          getAttestorFieldBuilder() {
+        if (attestorBuilder_ == null) {
+          attestorBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorOrBuilder>(getAttestor(), getParentForChildren(), isClean());
+          attestor_ = null;
+        }
+        return attestorBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.UpdateAttestorRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.UpdateAttestorRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .UpdateAttestorRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<UpdateAttestorRequest> PARSER =
+        new com.google.protobuf.AbstractParser<UpdateAttestorRequest>() {
+          @java.lang.Override
+          public UpdateAttestorRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new UpdateAttestorRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<UpdateAttestorRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<UpdateAttestorRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.UpdateAttestorRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface ListAttestorsRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.ListAttestorsRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the project associated with the
+     * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    java.lang.String getParent();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the project associated with the
+     * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    com.google.protobuf.ByteString getParentBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Requested page size. The server may return fewer results than requested. If
+     * unspecified, the server will pick an appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2;</code>
+     *
+     * @return The pageSize.
+     */
+    int getPageSize();
+
+    /**
+     *
+     *
+     * <pre>
+     * A token identifying a page of results the server should return. Typically,
+     * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+     * from the previous call to the `ListAttestors` method.
+     * </pre>
+     *
+     * <code>string page_token = 3;</code>
+     *
+     * @return The pageToken.
+     */
+    java.lang.String getPageToken();
+    /**
+     *
+     *
+     * <pre>
+     * A token identifying a page of results the server should return. Typically,
+     * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+     * from the previous call to the `ListAttestors` method.
+     * </pre>
+     *
+     * <code>string page_token = 3;</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    com.google.protobuf.ByteString getPageTokenBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.ListAttestors][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.ListAttestorsRequest}
+   */
+  public static final class ListAttestorsRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.ListAttestorsRequest)
+      ListAttestorsRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use ListAttestorsRequest.newBuilder() to construct.
+    private ListAttestorsRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private ListAttestorsRequest() {
+      parent_ = "";
+      pageToken_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new ListAttestorsRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private ListAttestorsRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                parent_ = s;
+                break;
+              }
+            case 16:
+              {
+                pageSize_ = input.readInt32();
+                break;
+              }
+            case 26:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                pageToken_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                  .Builder.class);
+    }
+
+    public static final int PARENT_FIELD_NUMBER = 1;
+    private volatile java.lang.Object parent_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the project associated with the
+     * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    @java.lang.Override
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the project associated with the
+     * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Requested page size. The server may return fewer results than requested. If
+     * unspecified, the server will pick an appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2;</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+
+    public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+    private volatile java.lang.Object pageToken_;
+    /**
+     *
+     *
+     * <pre>
+     * A token identifying a page of results the server should return. Typically,
+     * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+     * from the previous call to the `ListAttestors` method.
+     * </pre>
+     *
+     * <code>string page_token = 3;</code>
+     *
+     * @return The pageToken.
+     */
+    @java.lang.Override
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token identifying a page of results the server should return. Typically,
+     * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+     * from the previous call to the `ListAttestors` method.
+     * </pre>
+     *
+     * <code>string page_token = 3;</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getParentBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+      }
+      if (pageSize_ != 0) {
+        output.writeInt32(2, pageSize_);
+      }
+      if (!getPageTokenBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getParentBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+      }
+      if (pageSize_ != 0) {
+        size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+      }
+      if (!getPageTokenBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest) obj;
+
+      if (!getParent().equals(other.getParent())) return false;
+      if (getPageSize() != other.getPageSize()) return false;
+      if (!getPageToken().equals(other.getPageToken())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + PARENT_FIELD_NUMBER;
+      hash = (53 * hash) + getParent().hashCode();
+      hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+      hash = (53 * hash) + getPageSize();
+      hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+      hash = (53 * hash) + getPageToken().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.ListAttestors][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.ListAttestorsRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.ListAttestorsRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        parent_ = "";
+
+        pageSize_ = 0;
+
+        pageToken_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest(
+                this);
+        result.parent_ = parent_;
+        result.pageSize_ = pageSize_;
+        result.pageToken_ = pageToken_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+                .getDefaultInstance()) return this;
+        if (!other.getParent().isEmpty()) {
+          parent_ = other.parent_;
+          onChanged();
+        }
+        if (other.getPageSize() != 0) {
+          setPageSize(other.getPageSize());
+        }
+        if (!other.getPageToken().isEmpty()) {
+          pageToken_ = other.pageToken_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object parent_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the project associated with the
+       * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The parent.
+       */
+      public java.lang.String getParent() {
+        java.lang.Object ref = parent_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          parent_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the project associated with the
+       * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for parent.
+       */
+      public com.google.protobuf.ByteString getParentBytes() {
+        java.lang.Object ref = parent_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          parent_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the project associated with the
+       * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The parent to set.
+       * @return This builder for chaining.
+       */
+      public Builder setParent(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        parent_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the project associated with the
+       * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearParent() {
+
+        parent_ = getDefaultInstance().getParent();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the project associated with the
+       * [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for parent to set.
+       * @return This builder for chaining.
+       */
+      public Builder setParentBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        parent_ = value;
+        onChanged();
+        return this;
+      }
+
+      private int pageSize_;
+      /**
+       *
+       *
+       * <pre>
+       * Requested page size. The server may return fewer results than requested. If
+       * unspecified, the server will pick an appropriate default.
+       * </pre>
+       *
+       * <code>int32 page_size = 2;</code>
+       *
+       * @return The pageSize.
+       */
+      @java.lang.Override
+      public int getPageSize() {
+        return pageSize_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Requested page size. The server may return fewer results than requested. If
+       * unspecified, the server will pick an appropriate default.
+       * </pre>
+       *
+       * <code>int32 page_size = 2;</code>
+       *
+       * @param value The pageSize to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPageSize(int value) {
+
+        pageSize_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Requested page size. The server may return fewer results than requested. If
+       * unspecified, the server will pick an appropriate default.
+       * </pre>
+       *
+       * <code>int32 page_size = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPageSize() {
+
+        pageSize_ = 0;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object pageToken_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * A token identifying a page of results the server should return. Typically,
+       * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+       * from the previous call to the `ListAttestors` method.
+       * </pre>
+       *
+       * <code>string page_token = 3;</code>
+       *
+       * @return The pageToken.
+       */
+      public java.lang.String getPageToken() {
+        java.lang.Object ref = pageToken_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          pageToken_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token identifying a page of results the server should return. Typically,
+       * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+       * from the previous call to the `ListAttestors` method.
+       * </pre>
+       *
+       * <code>string page_token = 3;</code>
+       *
+       * @return The bytes for pageToken.
+       */
+      public com.google.protobuf.ByteString getPageTokenBytes() {
+        java.lang.Object ref = pageToken_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          pageToken_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token identifying a page of results the server should return. Typically,
+       * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+       * from the previous call to the `ListAttestors` method.
+       * </pre>
+       *
+       * <code>string page_token = 3;</code>
+       *
+       * @param value The pageToken to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPageToken(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        pageToken_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token identifying a page of results the server should return. Typically,
+       * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+       * from the previous call to the `ListAttestors` method.
+       * </pre>
+       *
+       * <code>string page_token = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPageToken() {
+
+        pageToken_ = getDefaultInstance().getPageToken();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token identifying a page of results the server should return. Typically,
+       * this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+       * from the previous call to the `ListAttestors` method.
+       * </pre>
+       *
+       * <code>string page_token = 3;</code>
+       *
+       * @param value The bytes for pageToken to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        pageToken_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.ListAttestorsRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.ListAttestorsRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<ListAttestorsRequest> PARSER =
+        new com.google.protobuf.AbstractParser<ListAttestorsRequest>() {
+          @java.lang.Override
+          public ListAttestorsRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new ListAttestorsRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<ListAttestorsRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<ListAttestorsRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface ListAttestorsResponseOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.ListAttestorsResponse)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    java.util.List<com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getAttestorsList();
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestors(
+        int index);
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    int getAttestorsCount();
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+        getAttestorsOrBuilderList();
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorsOrBuilder(int index);
+
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve the next page of results. Pass this value in the
+     * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+     * `ListAttestors` method to retrieve the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    java.lang.String getNextPageToken();
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve the next page of results. Pass this value in the
+     * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+     * `ListAttestors` method to retrieve the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    com.google.protobuf.ByteString getNextPageTokenBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for [BinauthzManagementService.ListAttestors][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.ListAttestorsResponse}
+   */
+  public static final class ListAttestorsResponse extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.ListAttestorsResponse)
+      ListAttestorsResponseOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use ListAttestorsResponse.newBuilder() to construct.
+    private ListAttestorsResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private ListAttestorsResponse() {
+      attestors_ = java.util.Collections.emptyList();
+      nextPageToken_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new ListAttestorsResponse();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private ListAttestorsResponse(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  attestors_ =
+                      new java.util.ArrayList<
+                          com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                              .Attestor>();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                attestors_.add(
+                    input.readMessage(
+                        com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                            .parser(),
+                        extensionRegistry));
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                nextPageToken_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          attestors_ = java.util.Collections.unmodifiableList(attestors_);
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+                  .Builder.class);
+    }
+
+    public static final int ATTESTORS_FIELD_NUMBER = 1;
+    private java.util.List<com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        attestors_;
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    @java.lang.Override
+    public java.util.List<com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+        getAttestorsList() {
+      return attestors_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            ? extends
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+        getAttestorsOrBuilderList() {
+      return attestors_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    @java.lang.Override
+    public int getAttestorsCount() {
+      return attestors_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestors(
+        int index) {
+      return attestors_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+        getAttestorsOrBuilder(int index) {
+      return attestors_.get(index);
+    }
+
+    public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+    private volatile java.lang.Object nextPageToken_;
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve the next page of results. Pass this value in the
+     * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+     * `ListAttestors` method to retrieve the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    @java.lang.Override
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve the next page of results. Pass this value in the
+     * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+     * `ListAttestors` method to retrieve the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      for (int i = 0; i < attestors_.size(); i++) {
+        output.writeMessage(1, attestors_.get(i));
+      }
+      if (!getNextPageTokenBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      for (int i = 0; i < attestors_.size(); i++) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, attestors_.get(i));
+      }
+      if (!getNextPageTokenBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse) obj;
+
+      if (!getAttestorsList().equals(other.getAttestorsList())) return false;
+      if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (getAttestorsCount() > 0) {
+        hash = (37 * hash) + ATTESTORS_FIELD_NUMBER;
+        hash = (53 * hash) + getAttestorsList().hashCode();
+      }
+      hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+      hash = (53 * hash) + getNextPageToken().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Response message for [BinauthzManagementService.ListAttestors][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.ListAttestorsResponse}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.ListAttestorsResponse)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponseOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+          getAttestorsFieldBuilder();
+        }
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (attestorsBuilder_ == null) {
+          attestors_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          attestorsBuilder_.clear();
+        }
+        nextPageToken_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse(
+                this);
+        int from_bitField0_ = bitField0_;
+        if (attestorsBuilder_ == null) {
+          if (((bitField0_ & 0x00000001) != 0)) {
+            attestors_ = java.util.Collections.unmodifiableList(attestors_);
+            bitField0_ = (bitField0_ & ~0x00000001);
+          }
+          result.attestors_ = attestors_;
+        } else {
+          result.attestors_ = attestorsBuilder_.build();
+        }
+        result.nextPageToken_ = nextPageToken_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+                .getDefaultInstance()) return this;
+        if (attestorsBuilder_ == null) {
+          if (!other.attestors_.isEmpty()) {
+            if (attestors_.isEmpty()) {
+              attestors_ = other.attestors_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+            } else {
+              ensureAttestorsIsMutable();
+              attestors_.addAll(other.attestors_);
+            }
+            onChanged();
+          }
+        } else {
+          if (!other.attestors_.isEmpty()) {
+            if (attestorsBuilder_.isEmpty()) {
+              attestorsBuilder_.dispose();
+              attestorsBuilder_ = null;
+              attestors_ = other.attestors_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+              attestorsBuilder_ =
+                  com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                      ? getAttestorsFieldBuilder()
+                      : null;
+            } else {
+              attestorsBuilder_.addAllMessages(other.attestors_);
+            }
+          }
+        }
+        if (!other.getNextPageToken().isEmpty()) {
+          nextPageToken_ = other.nextPageToken_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+          attestors_ = java.util.Collections.emptyList();
+
+      private void ensureAttestorsIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          attestors_ =
+              new java.util.ArrayList<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>(
+                  attestors_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          attestorsBuilder_;
+
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+          getAttestorsList() {
+        if (attestorsBuilder_ == null) {
+          return java.util.Collections.unmodifiableList(attestors_);
+        } else {
+          return attestorsBuilder_.getMessageList();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public int getAttestorsCount() {
+        if (attestorsBuilder_ == null) {
+          return attestors_.size();
+        } else {
+          return attestorsBuilder_.getCount();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor getAttestors(
+          int index) {
+        if (attestorsBuilder_ == null) {
+          return attestors_.get(index);
+        } else {
+          return attestorsBuilder_.getMessage(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder setAttestors(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAttestorsIsMutable();
+          attestors_.set(index, value);
+          onChanged();
+        } else {
+          attestorsBuilder_.setMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder setAttestors(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+              builderForValue) {
+        if (attestorsBuilder_ == null) {
+          ensureAttestorsIsMutable();
+          attestors_.set(index, builderForValue.build());
+          onChanged();
+        } else {
+          attestorsBuilder_.setMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder addAttestors(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAttestorsIsMutable();
+          attestors_.add(value);
+          onChanged();
+        } else {
+          attestorsBuilder_.addMessage(value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder addAttestors(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor value) {
+        if (attestorsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAttestorsIsMutable();
+          attestors_.add(index, value);
+          onChanged();
+        } else {
+          attestorsBuilder_.addMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder addAttestors(
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+              builderForValue) {
+        if (attestorsBuilder_ == null) {
+          ensureAttestorsIsMutable();
+          attestors_.add(builderForValue.build());
+          onChanged();
+        } else {
+          attestorsBuilder_.addMessage(builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder addAttestors(
+          int index,
+          com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+              builderForValue) {
+        if (attestorsBuilder_ == null) {
+          ensureAttestorsIsMutable();
+          attestors_.add(index, builderForValue.build());
+          onChanged();
+        } else {
+          attestorsBuilder_.addMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder addAllAttestors(
+          java.lang.Iterable<
+                  ? extends
+                      com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor>
+              values) {
+        if (attestorsBuilder_ == null) {
+          ensureAttestorsIsMutable();
+          com.google.protobuf.AbstractMessageLite.Builder.addAll(values, attestors_);
+          onChanged();
+        } else {
+          attestorsBuilder_.addAllMessages(values);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder clearAttestors() {
+        if (attestorsBuilder_ == null) {
+          attestors_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+          onChanged();
+        } else {
+          attestorsBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public Builder removeAttestors(int index) {
+        if (attestorsBuilder_ == null) {
+          ensureAttestorsIsMutable();
+          attestors_.remove(index);
+          onChanged();
+        } else {
+          attestorsBuilder_.remove(index);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+          getAttestorsBuilder(int index) {
+        return getAttestorsFieldBuilder().getBuilder(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder
+          getAttestorsOrBuilder(int index) {
+        if (attestorsBuilder_ == null) {
+          return attestors_.get(index);
+        } else {
+          return attestorsBuilder_.getMessageOrBuilder(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public java.util.List<
+              ? extends
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          getAttestorsOrBuilderList() {
+        if (attestorsBuilder_ != null) {
+          return attestorsBuilder_.getMessageOrBuilderList();
+        } else {
+          return java.util.Collections.unmodifiableList(attestors_);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+          addAttestorsBuilder() {
+        return getAttestorsFieldBuilder()
+            .addBuilder(
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder
+          addAttestorsBuilder(int index) {
+        return getAttestorsFieldBuilder()
+            .addBuilder(
+                index,
+                com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+       * </pre>
+       *
+       * <code>repeated .google.cloud.binaryauthorization.v1.Attestor attestors = 1;</code>
+       */
+      public java.util.List<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder>
+          getAttestorsBuilderList() {
+        return getAttestorsFieldBuilder().getBuilderList();
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.AttestorOrBuilder>
+          getAttestorsFieldBuilder() {
+        if (attestorsBuilder_ == null) {
+          attestorsBuilder_ =
+              new com.google.protobuf.RepeatedFieldBuilderV3<
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources.Attestor.Builder,
+                  com.google.protos.google.cloud.binaryauthorization.v1.Resources
+                      .AttestorOrBuilder>(
+                  attestors_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+          attestors_ = null;
+        }
+        return attestorsBuilder_;
+      }
+
+      private java.lang.Object nextPageToken_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * A token to retrieve the next page of results. Pass this value in the
+       * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+       * `ListAttestors` method to retrieve the next page of results.
+       * </pre>
+       *
+       * <code>string next_page_token = 2;</code>
+       *
+       * @return The nextPageToken.
+       */
+      public java.lang.String getNextPageToken() {
+        java.lang.Object ref = nextPageToken_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          nextPageToken_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token to retrieve the next page of results. Pass this value in the
+       * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+       * `ListAttestors` method to retrieve the next page of results.
+       * </pre>
+       *
+       * <code>string next_page_token = 2;</code>
+       *
+       * @return The bytes for nextPageToken.
+       */
+      public com.google.protobuf.ByteString getNextPageTokenBytes() {
+        java.lang.Object ref = nextPageToken_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          nextPageToken_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token to retrieve the next page of results. Pass this value in the
+       * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+       * `ListAttestors` method to retrieve the next page of results.
+       * </pre>
+       *
+       * <code>string next_page_token = 2;</code>
+       *
+       * @param value The nextPageToken to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNextPageToken(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        nextPageToken_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token to retrieve the next page of results. Pass this value in the
+       * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+       * `ListAttestors` method to retrieve the next page of results.
+       * </pre>
+       *
+       * <code>string next_page_token = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearNextPageToken() {
+
+        nextPageToken_ = getDefaultInstance().getNextPageToken();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * A token to retrieve the next page of results. Pass this value in the
+       * [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+       * `ListAttestors` method to retrieve the next page of results.
+       * </pre>
+       *
+       * <code>string next_page_token = 2;</code>
+       *
+       * @param value The bytes for nextPageToken to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        nextPageToken_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.ListAttestorsResponse)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.ListAttestorsResponse)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ListAttestorsResponse
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<ListAttestorsResponse> PARSER =
+        new com.google.protobuf.AbstractParser<ListAttestorsResponse>() {
+          @java.lang.Override
+          public ListAttestorsResponse parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new ListAttestorsResponse(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<ListAttestorsResponse> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<ListAttestorsResponse> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.ListAttestorsResponse
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface DeleteAttestorRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.DeleteAttestorRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for [BinauthzManagementService.DeleteAttestor][].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.DeleteAttestorRequest}
+   */
+  public static final class DeleteAttestorRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.DeleteAttestorRequest)
+      DeleteAttestorRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use DeleteAttestorRequest.newBuilder() to construct.
+    private DeleteAttestorRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private DeleteAttestorRequest() {
+      name_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new DeleteAttestorRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private DeleteAttestorRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                  .Builder.class);
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest) obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for [BinauthzManagementService.DeleteAttestor][].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.DeleteAttestorRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.DeleteAttestorRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest result =
+            new com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest(
+                this);
+        result.name_ = name_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.DeleteAttestorRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.DeleteAttestorRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .DeleteAttestorRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<DeleteAttestorRequest> PARSER =
+        new com.google.protobuf.AbstractParser<DeleteAttestorRequest>() {
+          @java.lang.Override
+          public DeleteAttestorRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new DeleteAttestorRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<DeleteAttestorRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<DeleteAttestorRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.DeleteAttestorRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface GetSystemPolicyRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.GetSystemPolicyRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+     * Note that the system policy is not associated with a project.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    java.lang.String getName();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+     * Note that the system policy is not associated with a project.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    com.google.protobuf.ByteString getNameBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request to read the current system policy.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.GetSystemPolicyRequest}
+   */
+  public static final class GetSystemPolicyRequest extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.GetSystemPolicyRequest)
+      GetSystemPolicyRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use GetSystemPolicyRequest.newBuilder() to construct.
+    private GetSystemPolicyRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private GetSystemPolicyRequest() {
+      name_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new GetSystemPolicyRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private GetSystemPolicyRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                name_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                  .class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                  .Builder.class);
+    }
+
+    public static final int NAME_FIELD_NUMBER = 1;
+    private volatile java.lang.Object name_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+     * Note that the system policy is not associated with a project.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    @java.lang.Override
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+     * Note that the system policy is not associated with a project.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getNameBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getNameBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest other =
+          (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest)
+              obj;
+
+      if (!getName().equals(other.getName())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + NAME_FIELD_NUMBER;
+      hash = (53 * hash) + getName().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request to read the current system policy.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.binaryauthorization.v1.GetSystemPolicyRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.GetSystemPolicyRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                    .class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        name_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            result =
+                new com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .GetSystemPolicyRequest(this);
+        result.name_ = name_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+                .getDefaultInstance()) return this;
+        if (!other.getName().isEmpty()) {
+          name_ = other.name_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object name_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+       * Note that the system policy is not associated with a project.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The name.
+       */
+      public java.lang.String getName() {
+        java.lang.Object ref = name_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          name_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+       * Note that the system policy is not associated with a project.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return The bytes for name.
+       */
+      public com.google.protobuf.ByteString getNameBytes() {
+        java.lang.Object ref = name_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          name_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+       * Note that the system policy is not associated with a project.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setName(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+       * Note that the system policy is not associated with a project.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearName() {
+
+        name_ = getDefaultInstance().getName();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name, in the format `locations/&#42;&#47;policy`.
+       * Note that the system policy is not associated with a project.
+       * </pre>
+       *
+       * <code>
+       * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+       * </code>
+       *
+       * @param value The bytes for name to set.
+       * @return This builder for chaining.
+       */
+      public Builder setNameBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        name_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.GetSystemPolicyRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.GetSystemPolicyRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .GetSystemPolicyRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .GetSystemPolicyRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<GetSystemPolicyRequest> PARSER =
+        new com.google.protobuf.AbstractParser<GetSystemPolicyRequest>() {
+          @java.lang.Override
+          public GetSystemPolicyRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new GetSystemPolicyRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<GetSystemPolicyRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<GetSystemPolicyRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service.GetSystemPolicyRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface ValidateAttestationOccurrenceRequestOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+     * [occurrence][grafeas.v1.Occurrence], in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The attestor.
+     */
+    java.lang.String getAttestor();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+     * [occurrence][grafeas.v1.Occurrence], in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for attestor.
+     */
+    com.google.protobuf.ByteString getAttestorBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestation field is set.
+     */
+    boolean hasAttestation();
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestation.
+     */
+    io.grafeas.v1.AttestationOccurrence getAttestation();
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    io.grafeas.v1.AttestationOccurrenceOrBuilder getAttestationOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+     * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+     * </pre>
+     *
+     * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The occurrenceNote.
+     */
+    java.lang.String getOccurrenceNote();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+     * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+     * </pre>
+     *
+     * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for occurrenceNote.
+     */
+    com.google.protobuf.ByteString getOccurrenceNoteBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. The URI of the artifact (e.g. container image) that is the
+     * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+     * </pre>
+     *
+     * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The occurrenceResourceUri.
+     */
+    java.lang.String getOccurrenceResourceUri();
+    /**
+     *
+     *
+     * <pre>
+     * Required. The URI of the artifact (e.g. container image) that is the
+     * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+     * </pre>
+     *
+     * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for occurrenceResourceUri.
+     */
+    com.google.protobuf.ByteString getOccurrenceResourceUriBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest}
+   */
+  public static final class ValidateAttestationOccurrenceRequest
+      extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest)
+      ValidateAttestationOccurrenceRequestOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use ValidateAttestationOccurrenceRequest.newBuilder() to construct.
+    private ValidateAttestationOccurrenceRequest(
+        com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private ValidateAttestationOccurrenceRequest() {
+      attestor_ = "";
+      occurrenceNote_ = "";
+      occurrenceResourceUri_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new ValidateAttestationOccurrenceRequest();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private ValidateAttestationOccurrenceRequest(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                attestor_ = s;
+                break;
+              }
+            case 18:
+              {
+                io.grafeas.v1.AttestationOccurrence.Builder subBuilder = null;
+                if (attestation_ != null) {
+                  subBuilder = attestation_.toBuilder();
+                }
+                attestation_ =
+                    input.readMessage(
+                        io.grafeas.v1.AttestationOccurrence.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(attestation_);
+                  attestation_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 26:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                occurrenceNote_ = s;
+                break;
+              }
+            case 34:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                occurrenceResourceUri_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceRequest.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceRequest.Builder.class);
+    }
+
+    public static final int ATTESTOR_FIELD_NUMBER = 1;
+    private volatile java.lang.Object attestor_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+     * [occurrence][grafeas.v1.Occurrence], in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The attestor.
+     */
+    @java.lang.Override
+    public java.lang.String getAttestor() {
+      java.lang.Object ref = attestor_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        attestor_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+     * [occurrence][grafeas.v1.Occurrence], in the format
+     * `projects/&#42;&#47;attestors/&#42;`.
+     * </pre>
+     *
+     * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for attestor.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getAttestorBytes() {
+      java.lang.Object ref = attestor_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        attestor_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ATTESTATION_FIELD_NUMBER = 2;
+    private io.grafeas.v1.AttestationOccurrence attestation_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the attestation field is set.
+     */
+    @java.lang.Override
+    public boolean hasAttestation() {
+      return attestation_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The attestation.
+     */
+    @java.lang.Override
+    public io.grafeas.v1.AttestationOccurrence getAttestation() {
+      return attestation_ == null
+          ? io.grafeas.v1.AttestationOccurrence.getDefaultInstance()
+          : attestation_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+     * be checked that it can be verified by the Attestor. It does not have to be
+     * an existing entity in Container Analysis. It must otherwise be a valid
+     * AttestationOccurrence.
+     * </pre>
+     *
+     * <code>
+     * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public io.grafeas.v1.AttestationOccurrenceOrBuilder getAttestationOrBuilder() {
+      return getAttestation();
+    }
+
+    public static final int OCCURRENCE_NOTE_FIELD_NUMBER = 3;
+    private volatile java.lang.Object occurrenceNote_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+     * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+     * </pre>
+     *
+     * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The occurrenceNote.
+     */
+    @java.lang.Override
+    public java.lang.String getOccurrenceNote() {
+      java.lang.Object ref = occurrenceNote_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        occurrenceNote_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+     * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+     * </pre>
+     *
+     * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for occurrenceNote.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getOccurrenceNoteBytes() {
+      java.lang.Object ref = occurrenceNote_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        occurrenceNote_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int OCCURRENCE_RESOURCE_URI_FIELD_NUMBER = 4;
+    private volatile java.lang.Object occurrenceResourceUri_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The URI of the artifact (e.g. container image) that is the
+     * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+     * </pre>
+     *
+     * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The occurrenceResourceUri.
+     */
+    @java.lang.Override
+    public java.lang.String getOccurrenceResourceUri() {
+      java.lang.Object ref = occurrenceResourceUri_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        occurrenceResourceUri_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The URI of the artifact (e.g. container image) that is the
+     * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+     * </pre>
+     *
+     * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for occurrenceResourceUri.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getOccurrenceResourceUriBytes() {
+      java.lang.Object ref = occurrenceResourceUri_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        occurrenceResourceUri_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getAttestorBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, attestor_);
+      }
+      if (attestation_ != null) {
+        output.writeMessage(2, getAttestation());
+      }
+      if (!getOccurrenceNoteBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 3, occurrenceNote_);
+      }
+      if (!getOccurrenceResourceUriBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 4, occurrenceResourceUri_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getAttestorBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, attestor_);
+      }
+      if (attestation_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getAttestation());
+      }
+      if (!getOccurrenceNoteBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, occurrenceNote_);
+      }
+      if (!getOccurrenceResourceUriBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, occurrenceResourceUri_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest
+          other =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceRequest)
+                  obj;
+
+      if (!getAttestor().equals(other.getAttestor())) return false;
+      if (hasAttestation() != other.hasAttestation()) return false;
+      if (hasAttestation()) {
+        if (!getAttestation().equals(other.getAttestation())) return false;
+      }
+      if (!getOccurrenceNote().equals(other.getOccurrenceNote())) return false;
+      if (!getOccurrenceResourceUri().equals(other.getOccurrenceResourceUri())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + ATTESTOR_FIELD_NUMBER;
+      hash = (53 * hash) + getAttestor().hashCode();
+      if (hasAttestation()) {
+        hash = (37 * hash) + ATTESTATION_FIELD_NUMBER;
+        hash = (53 * hash) + getAttestation().hashCode();
+      }
+      hash = (37 * hash) + OCCURRENCE_NOTE_FIELD_NUMBER;
+      hash = (53 * hash) + getOccurrenceNote().hashCode();
+      hash = (37 * hash) + OCCURRENCE_RESOURCE_URI_FIELD_NUMBER;
+      hash = (53 * hash) + getOccurrenceResourceUri().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Request message for
+     * [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequestOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceRequest.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceRequest.Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.ValidateAttestationOccurrenceRequest.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        attestor_ = "";
+
+        if (attestationBuilder_ == null) {
+          attestation_ = null;
+        } else {
+          attestation_ = null;
+          attestationBuilder_ = null;
+        }
+        occurrenceNote_ = "";
+
+        occurrenceResourceUri_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            result =
+                new com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceRequest(this);
+        result.attestor_ = attestor_;
+        if (attestationBuilder_ == null) {
+          result.attestation_ = attestation_;
+        } else {
+          result.attestation_ = attestationBuilder_.build();
+        }
+        result.occurrenceNote_ = occurrenceNote_;
+        result.occurrenceResourceUri_ = occurrenceResourceUri_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceRequest)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceRequest
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest.getDefaultInstance()) return this;
+        if (!other.getAttestor().isEmpty()) {
+          attestor_ = other.attestor_;
+          onChanged();
+        }
+        if (other.hasAttestation()) {
+          mergeAttestation(other.getAttestation());
+        }
+        if (!other.getOccurrenceNote().isEmpty()) {
+          occurrenceNote_ = other.occurrenceNote_;
+          onChanged();
+        }
+        if (!other.getOccurrenceResourceUri().isEmpty()) {
+          occurrenceResourceUri_ = other.occurrenceResourceUri_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceRequest
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceRequest)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object attestor_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+       * [occurrence][grafeas.v1.Occurrence], in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The attestor.
+       */
+      public java.lang.String getAttestor() {
+        java.lang.Object ref = attestor_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          attestor_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+       * [occurrence][grafeas.v1.Occurrence], in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for attestor.
+       */
+      public com.google.protobuf.ByteString getAttestorBytes() {
+        java.lang.Object ref = attestor_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          attestor_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+       * [occurrence][grafeas.v1.Occurrence], in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The attestor to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAttestor(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        attestor_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+       * [occurrence][grafeas.v1.Occurrence], in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearAttestor() {
+
+        attestor_ = getDefaultInstance().getAttestor();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+       * [occurrence][grafeas.v1.Occurrence], in the format
+       * `projects/&#42;&#47;attestors/&#42;`.
+       * </pre>
+       *
+       * <code>string attestor = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for attestor to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAttestorBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        attestor_ = value;
+        onChanged();
+        return this;
+      }
+
+      private io.grafeas.v1.AttestationOccurrence attestation_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              io.grafeas.v1.AttestationOccurrence,
+              io.grafeas.v1.AttestationOccurrence.Builder,
+              io.grafeas.v1.AttestationOccurrenceOrBuilder>
+          attestationBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the attestation field is set.
+       */
+      public boolean hasAttestation() {
+        return attestationBuilder_ != null || attestation_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The attestation.
+       */
+      public io.grafeas.v1.AttestationOccurrence getAttestation() {
+        if (attestationBuilder_ == null) {
+          return attestation_ == null
+              ? io.grafeas.v1.AttestationOccurrence.getDefaultInstance()
+              : attestation_;
+        } else {
+          return attestationBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestation(io.grafeas.v1.AttestationOccurrence value) {
+        if (attestationBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          attestation_ = value;
+          onChanged();
+        } else {
+          attestationBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setAttestation(io.grafeas.v1.AttestationOccurrence.Builder builderForValue) {
+        if (attestationBuilder_ == null) {
+          attestation_ = builderForValue.build();
+          onChanged();
+        } else {
+          attestationBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergeAttestation(io.grafeas.v1.AttestationOccurrence value) {
+        if (attestationBuilder_ == null) {
+          if (attestation_ != null) {
+            attestation_ =
+                io.grafeas.v1.AttestationOccurrence.newBuilder(attestation_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            attestation_ = value;
+          }
+          onChanged();
+        } else {
+          attestationBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearAttestation() {
+        if (attestationBuilder_ == null) {
+          attestation_ = null;
+          onChanged();
+        } else {
+          attestation_ = null;
+          attestationBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public io.grafeas.v1.AttestationOccurrence.Builder getAttestationBuilder() {
+
+        onChanged();
+        return getAttestationFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public io.grafeas.v1.AttestationOccurrenceOrBuilder getAttestationOrBuilder() {
+        if (attestationBuilder_ != null) {
+          return attestationBuilder_.getMessageOrBuilder();
+        } else {
+          return attestation_ == null
+              ? io.grafeas.v1.AttestationOccurrence.getDefaultInstance()
+              : attestation_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+       * be checked that it can be verified by the Attestor. It does not have to be
+       * an existing entity in Container Analysis. It must otherwise be a valid
+       * AttestationOccurrence.
+       * </pre>
+       *
+       * <code>
+       * .grafeas.v1.AttestationOccurrence attestation = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              io.grafeas.v1.AttestationOccurrence,
+              io.grafeas.v1.AttestationOccurrence.Builder,
+              io.grafeas.v1.AttestationOccurrenceOrBuilder>
+          getAttestationFieldBuilder() {
+        if (attestationBuilder_ == null) {
+          attestationBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  io.grafeas.v1.AttestationOccurrence,
+                  io.grafeas.v1.AttestationOccurrence.Builder,
+                  io.grafeas.v1.AttestationOccurrenceOrBuilder>(
+                  getAttestation(), getParentForChildren(), isClean());
+          attestation_ = null;
+        }
+        return attestationBuilder_;
+      }
+
+      private java.lang.Object occurrenceNote_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+       * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+       * </pre>
+       *
+       * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The occurrenceNote.
+       */
+      public java.lang.String getOccurrenceNote() {
+        java.lang.Object ref = occurrenceNote_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          occurrenceNote_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+       * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+       * </pre>
+       *
+       * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for occurrenceNote.
+       */
+      public com.google.protobuf.ByteString getOccurrenceNoteBytes() {
+        java.lang.Object ref = occurrenceNote_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          occurrenceNote_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+       * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+       * </pre>
+       *
+       * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The occurrenceNote to set.
+       * @return This builder for chaining.
+       */
+      public Builder setOccurrenceNote(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        occurrenceNote_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+       * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+       * </pre>
+       *
+       * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearOccurrenceNote() {
+
+        occurrenceNote_ = getDefaultInstance().getOccurrenceNote();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The resource name of the [Note][grafeas.v1.Note] to which the
+       * containing [Occurrence][grafeas.v1.Occurrence] is associated.
+       * </pre>
+       *
+       * <code>string occurrence_note = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for occurrenceNote to set.
+       * @return This builder for chaining.
+       */
+      public Builder setOccurrenceNoteBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        occurrenceNote_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object occurrenceResourceUri_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Required. The URI of the artifact (e.g. container image) that is the
+       * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+       * </pre>
+       *
+       * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The occurrenceResourceUri.
+       */
+      public java.lang.String getOccurrenceResourceUri() {
+        java.lang.Object ref = occurrenceResourceUri_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          occurrenceResourceUri_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The URI of the artifact (e.g. container image) that is the
+       * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+       * </pre>
+       *
+       * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The bytes for occurrenceResourceUri.
+       */
+      public com.google.protobuf.ByteString getOccurrenceResourceUriBytes() {
+        java.lang.Object ref = occurrenceResourceUri_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          occurrenceResourceUri_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The URI of the artifact (e.g. container image) that is the
+       * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+       * </pre>
+       *
+       * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The occurrenceResourceUri to set.
+       * @return This builder for chaining.
+       */
+      public Builder setOccurrenceResourceUri(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        occurrenceResourceUri_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The URI of the artifact (e.g. container image) that is the
+       * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+       * </pre>
+       *
+       * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearOccurrenceResourceUri() {
+
+        occurrenceResourceUri_ = getDefaultInstance().getOccurrenceResourceUri();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. The URI of the artifact (e.g. container image) that is the
+       * subject of the containing [Occurrence][grafeas.v1.Occurrence].
+       * </pre>
+       *
+       * <code>string occurrence_resource_uri = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The bytes for occurrenceResourceUri to set.
+       * @return This builder for chaining.
+       */
+      public Builder setOccurrenceResourceUriBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        occurrenceResourceUri_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceRequest)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceRequest();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<ValidateAttestationOccurrenceRequest> PARSER =
+        new com.google.protobuf.AbstractParser<ValidateAttestationOccurrenceRequest>() {
+          @java.lang.Override
+          public ValidateAttestationOccurrenceRequest parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new ValidateAttestationOccurrenceRequest(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<ValidateAttestationOccurrenceRequest> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<ValidateAttestationOccurrenceRequest> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceRequest
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface ValidateAttestationOccurrenceResponseOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The result of the Attestation validation.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for result.
+     */
+    int getResultValue();
+    /**
+     *
+     *
+     * <pre>
+     * The result of the Attestation validation.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+     * </code>
+     *
+     * @return The result.
+     */
+    com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse.Result
+        getResult();
+
+    /**
+     *
+     *
+     * <pre>
+     * The reason for denial if the Attestation couldn't be validated.
+     * </pre>
+     *
+     * <code>string denial_reason = 2;</code>
+     *
+     * @return The denialReason.
+     */
+    java.lang.String getDenialReason();
+    /**
+     *
+     *
+     * <pre>
+     * The reason for denial if the Attestation couldn't be validated.
+     * </pre>
+     *
+     * <code>string denial_reason = 2;</code>
+     *
+     * @return The bytes for denialReason.
+     */
+    com.google.protobuf.ByteString getDenialReasonBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse}
+   */
+  public static final class ValidateAttestationOccurrenceResponse
+      extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse)
+      ValidateAttestationOccurrenceResponseOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use ValidateAttestationOccurrenceResponse.newBuilder() to construct.
+    private ValidateAttestationOccurrenceResponse(
+        com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private ValidateAttestationOccurrenceResponse() {
+      result_ = 0;
+      denialReason_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new ValidateAttestationOccurrenceResponse();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private ValidateAttestationOccurrenceResponse(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                int rawValue = input.readEnum();
+
+                result_ = rawValue;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                denialReason_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.protos.google.cloud.binaryauthorization.v1.Service
+          .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceResponse.class,
+              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceResponse.Builder.class);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * The enum returned in the "result" field.
+     * </pre>
+     *
+     * Protobuf enum {@code
+     * google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result}
+     */
+    public enum Result implements com.google.protobuf.ProtocolMessageEnum {
+      /**
+       *
+       *
+       * <pre>
+       * Unspecified.
+       * </pre>
+       *
+       * <code>RESULT_UNSPECIFIED = 0;</code>
+       */
+      RESULT_UNSPECIFIED(0),
+      /**
+       *
+       *
+       * <pre>
+       * The Attestation was able to verified by the Attestor.
+       * </pre>
+       *
+       * <code>VERIFIED = 1;</code>
+       */
+      VERIFIED(1),
+      /**
+       *
+       *
+       * <pre>
+       * The Attestation was not able to verified by the Attestor.
+       * </pre>
+       *
+       * <code>ATTESTATION_NOT_VERIFIABLE = 2;</code>
+       */
+      ATTESTATION_NOT_VERIFIABLE(2),
+      UNRECOGNIZED(-1),
+      ;
+
+      /**
+       *
+       *
+       * <pre>
+       * Unspecified.
+       * </pre>
+       *
+       * <code>RESULT_UNSPECIFIED = 0;</code>
+       */
+      public static final int RESULT_UNSPECIFIED_VALUE = 0;
+      /**
+       *
+       *
+       * <pre>
+       * The Attestation was able to verified by the Attestor.
+       * </pre>
+       *
+       * <code>VERIFIED = 1;</code>
+       */
+      public static final int VERIFIED_VALUE = 1;
+      /**
+       *
+       *
+       * <pre>
+       * The Attestation was not able to verified by the Attestor.
+       * </pre>
+       *
+       * <code>ATTESTATION_NOT_VERIFIABLE = 2;</code>
+       */
+      public static final int ATTESTATION_NOT_VERIFIABLE_VALUE = 2;
+
+      public final int getNumber() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalArgumentException(
+              "Can't get the number of an unknown enum value.");
+        }
+        return value;
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static Result valueOf(int value) {
+        return forNumber(value);
+      }
+
+      /**
+       * @param value The numeric wire value of the corresponding enum entry.
+       * @return The enum associated with the given numeric wire value.
+       */
+      public static Result forNumber(int value) {
+        switch (value) {
+          case 0:
+            return RESULT_UNSPECIFIED;
+          case 1:
+            return VERIFIED;
+          case 2:
+            return ATTESTATION_NOT_VERIFIABLE;
+          default:
+            return null;
+        }
+      }
+
+      public static com.google.protobuf.Internal.EnumLiteMap<Result> internalGetValueMap() {
+        return internalValueMap;
+      }
+
+      private static final com.google.protobuf.Internal.EnumLiteMap<Result> internalValueMap =
+          new com.google.protobuf.Internal.EnumLiteMap<Result>() {
+            public Result findValueByNumber(int number) {
+              return Result.forNumber(number);
+            }
+          };
+
+      public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+        if (this == UNRECOGNIZED) {
+          throw new java.lang.IllegalStateException(
+              "Can't get the descriptor of an unrecognized enum value.");
+        }
+        return getDescriptor().getValues().get(ordinal());
+      }
+
+      public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+        return getDescriptor();
+      }
+
+      public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse.getDescriptor()
+            .getEnumTypes()
+            .get(0);
+      }
+
+      private static final Result[] VALUES = values();
+
+      public static Result valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+        if (desc.getType() != getDescriptor()) {
+          throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+        }
+        if (desc.getIndex() == -1) {
+          return UNRECOGNIZED;
+        }
+        return VALUES[desc.getIndex()];
+      }
+
+      private final int value;
+
+      private Result(int value) {
+        this.value = value;
+      }
+
+      // @@protoc_insertion_point(enum_scope:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result)
+    }
+
+    public static final int RESULT_FIELD_NUMBER = 1;
+    private int result_;
+    /**
+     *
+     *
+     * <pre>
+     * The result of the Attestation validation.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for result.
+     */
+    @java.lang.Override
+    public int getResultValue() {
+      return result_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The result of the Attestation validation.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+     * </code>
+     *
+     * @return The result.
+     */
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse.Result
+        getResult() {
+      @SuppressWarnings("deprecation")
+      com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.Result
+          result =
+              com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceResponse.Result.valueOf(result_);
+      return result == null
+          ? com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.Result.UNRECOGNIZED
+          : result;
+    }
+
+    public static final int DENIAL_REASON_FIELD_NUMBER = 2;
+    private volatile java.lang.Object denialReason_;
+    /**
+     *
+     *
+     * <pre>
+     * The reason for denial if the Attestation couldn't be validated.
+     * </pre>
+     *
+     * <code>string denial_reason = 2;</code>
+     *
+     * @return The denialReason.
+     */
+    @java.lang.Override
+    public java.lang.String getDenialReason() {
+      java.lang.Object ref = denialReason_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        denialReason_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The reason for denial if the Attestation couldn't be validated.
+     * </pre>
+     *
+     * <code>string denial_reason = 2;</code>
+     *
+     * @return The bytes for denialReason.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getDenialReasonBytes() {
+      java.lang.Object ref = denialReason_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        denialReason_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (result_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.Result.RESULT_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(1, result_);
+      }
+      if (!getDenialReasonBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, denialReason_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (result_
+          != com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.Result.RESULT_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(1, result_);
+      }
+      if (!getDenialReasonBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, denialReason_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse)) {
+        return super.equals(obj);
+      }
+      com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse
+          other =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceResponse)
+                  obj;
+
+      if (result_ != other.result_) return false;
+      if (!getDenialReason().equals(other.getDenialReason())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + RESULT_FIELD_NUMBER;
+      hash = (53 * hash) + result_;
+      hash = (37 * hash) + DENIAL_REASON_FIELD_NUMBER;
+      hash = (53 * hash) + getDenialReason().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Response message for
+     * [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse)
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponseOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse.class,
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse.Builder.class);
+      }
+
+      // Construct using
+      // com.google.protos.google.cloud.binaryauthorization.v1.Service.ValidateAttestationOccurrenceResponse.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        result_ = 0;
+
+        denialReason_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse
+          getDefaultInstanceForType() {
+        return com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse
+          build() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse
+          buildPartial() {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse
+            result =
+                new com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse(this);
+        result.result_ = result_;
+        result.denialReason_ = denialReason_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse) {
+          return mergeFrom(
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceResponse)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceResponse
+              other) {
+        if (other
+            == com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse.getDefaultInstance()) return this;
+        if (other.result_ != 0) {
+          setResultValue(other.getResultValue());
+        }
+        if (!other.getDenialReason().isEmpty()) {
+          denialReason_ = other.denialReason_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.protos.google.cloud.binaryauthorization.v1.Service
+                      .ValidateAttestationOccurrenceResponse)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int result_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * The result of the Attestation validation.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+       * </code>
+       *
+       * @return The enum numeric value on the wire for result.
+       */
+      @java.lang.Override
+      public int getResultValue() {
+        return result_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The result of the Attestation validation.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for result to set.
+       * @return This builder for chaining.
+       */
+      public Builder setResultValue(int value) {
+
+        result_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The result of the Attestation validation.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+       * </code>
+       *
+       * @return The result.
+       */
+      @java.lang.Override
+      public com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse.Result
+          getResult() {
+        @SuppressWarnings("deprecation")
+        com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse.Result
+            result =
+                com.google.protos.google.cloud.binaryauthorization.v1.Service
+                    .ValidateAttestationOccurrenceResponse.Result.valueOf(result_);
+        return result == null
+            ? com.google.protos.google.cloud.binaryauthorization.v1.Service
+                .ValidateAttestationOccurrenceResponse.Result.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The result of the Attestation validation.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+       * </code>
+       *
+       * @param value The result to set.
+       * @return This builder for chaining.
+       */
+      public Builder setResult(
+          com.google.protos.google.cloud.binaryauthorization.v1.Service
+                  .ValidateAttestationOccurrenceResponse.Result
+              value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        result_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The result of the Attestation validation.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse.Result result = 1;
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearResult() {
+
+        result_ = 0;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object denialReason_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The reason for denial if the Attestation couldn't be validated.
+       * </pre>
+       *
+       * <code>string denial_reason = 2;</code>
+       *
+       * @return The denialReason.
+       */
+      public java.lang.String getDenialReason() {
+        java.lang.Object ref = denialReason_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          denialReason_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason for denial if the Attestation couldn't be validated.
+       * </pre>
+       *
+       * <code>string denial_reason = 2;</code>
+       *
+       * @return The bytes for denialReason.
+       */
+      public com.google.protobuf.ByteString getDenialReasonBytes() {
+        java.lang.Object ref = denialReason_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          denialReason_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason for denial if the Attestation couldn't be validated.
+       * </pre>
+       *
+       * <code>string denial_reason = 2;</code>
+       *
+       * @param value The denialReason to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDenialReason(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        denialReason_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason for denial if the Attestation couldn't be validated.
+       * </pre>
+       *
+       * <code>string denial_reason = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDenialReason() {
+
+        denialReason_ = getDefaultInstance().getDenialReason();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason for denial if the Attestation couldn't be validated.
+       * </pre>
+       *
+       * <code>string denial_reason = 2;</code>
+       *
+       * @param value The bytes for denialReason to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDenialReasonBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        denialReason_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.binaryauthorization.v1.ValidateAttestationOccurrenceResponse)
+    private static final com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.protos.google.cloud.binaryauthorization.v1.Service
+              .ValidateAttestationOccurrenceResponse();
+    }
+
+    public static com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<ValidateAttestationOccurrenceResponse> PARSER =
+        new com.google.protobuf.AbstractParser<ValidateAttestationOccurrenceResponse>() {
+          @java.lang.Override
+          public ValidateAttestationOccurrenceResponse parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new ValidateAttestationOccurrenceResponse(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<ValidateAttestationOccurrenceResponse> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<ValidateAttestationOccurrenceResponse> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protos.google.cloud.binaryauthorization.v1.Service
+            .ValidateAttestationOccurrenceResponse
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_fieldAccessorTable;
+  private static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor;
+  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n1google/cloud/binaryauthorization/v1/se"
+          + "rvice.proto\022#google.cloud.binaryauthoriz"
+          + "ation.v1\032\034google/api/annotations.proto\032\027"
+          + "google/api/client.proto\032\037google/api/fiel"
+          + "d_behavior.proto\032\031google/api/resource.pr"
+          + "oto\0323google/cloud/binaryauthorization/v1"
+          + "/resources.proto\032\033google/protobuf/empty."
+          + "proto\032\034grafeas/v1/attestation.proto\"S\n\020G"
+          + "etPolicyRequest\022?\n\004name\030\001 \001(\tB1\340A\002\372A+\n)b"
+          + "inaryauthorization.googleapis.com/Policy"
+          + "\"W\n\023UpdatePolicyRequest\022@\n\006policy\030\001 \001(\0132"
+          + "+.google.cloud.binaryauthorization.v1.Po"
+          + "licyB\003\340A\002\"\274\001\n\025CreateAttestorRequest\022C\n\006p"
+          + "arent\030\001 \001(\tB3\340A\002\372A-\n+cloudresourcemanage"
+          + "r.googleapis.com/Project\022\030\n\013attestor_id\030"
+          + "\002 \001(\tB\003\340A\002\022D\n\010attestor\030\003 \001(\0132-.google.cl"
+          + "oud.binaryauthorization.v1.AttestorB\003\340A\002"
+          + "\"W\n\022GetAttestorRequest\022A\n\004name\030\001 \001(\tB3\340A"
+          + "\002\372A-\n+binaryauthorization.googleapis.com"
+          + "/Attestor\"]\n\025UpdateAttestorRequest\022D\n\010at"
+          + "testor\030\001 \001(\0132-.google.cloud.binaryauthor"
+          + "ization.v1.AttestorB\003\340A\002\"\202\001\n\024ListAttesto"
+          + "rsRequest\022C\n\006parent\030\001 \001(\tB3\340A\002\372A-\n+cloud"
+          + "resourcemanager.googleapis.com/Project\022\021"
+          + "\n\tpage_size\030\002 \001(\005\022\022\n\npage_token\030\003 \001(\t\"r\n"
+          + "\025ListAttestorsResponse\022@\n\tattestors\030\001 \003("
+          + "\0132-.google.cloud.binaryauthorization.v1."
+          + "Attestor\022\027\n\017next_page_token\030\002 \001(\t\"Z\n\025Del"
+          + "eteAttestorRequest\022A\n\004name\030\001 \001(\tB3\340A\002\372A-"
+          + "\n+binaryauthorization.googleapis.com/Att"
+          + "estor\"Y\n\026GetSystemPolicyRequest\022?\n\004name\030"
+          + "\001 \001(\tB1\340A\002\372A+\n)binaryauthorization.googl"
+          + "eapis.com/Policy\"\276\001\n$ValidateAttestation"
+          + "OccurrenceRequest\022\025\n\010attestor\030\001 \001(\tB\003\340A\002"
+          + "\022;\n\013attestation\030\002 \001(\0132!.grafeas.v1.Attes"
+          + "tationOccurrenceB\003\340A\002\022\034\n\017occurrence_note"
+          + "\030\003 \001(\tB\003\340A\002\022$\n\027occurrence_resource_uri\030\004"
+          + " \001(\tB\003\340A\002\"\361\001\n%ValidateAttestationOccurre"
+          + "nceResponse\022a\n\006result\030\001 \001(\0162Q.google.clo"
+          + "ud.binaryauthorization.v1.ValidateAttest"
+          + "ationOccurrenceResponse.Result\022\025\n\rdenial"
+          + "_reason\030\002 \001(\t\"N\n\006Result\022\026\n\022RESULT_UNSPEC"
+          + "IFIED\020\000\022\014\n\010VERIFIED\020\001\022\036\n\032ATTESTATION_NOT"
+          + "_VERIFIABLE\020\0022\342\n\n\033BinauthzManagementServ"
+          + "iceV1\022\234\001\n\tGetPolicy\0225.google.cloud.binar"
+          + "yauthorization.v1.GetPolicyRequest\032+.goo"
+          + "gle.cloud.binaryauthorization.v1.Policy\""
+          + "+\202\323\344\223\002\036\022\034/v1/{name=projects/*/policy}\332A\004"
+          + "name\022\263\001\n\014UpdatePolicy\0228.google.cloud.bin"
+          + "aryauthorization.v1.UpdatePolicyRequest\032"
+          + "+.google.cloud.binaryauthorization.v1.Po"
+          + "licy\"<\202\323\344\223\002-\032#/v1/{policy.name=projects/"
+          + "*/policy}:\006policy\332A\006policy\022\316\001\n\016CreateAtt"
+          + "estor\022:.google.cloud.binaryauthorization"
+          + ".v1.CreateAttestorRequest\032-.google.cloud"
+          + ".binaryauthorization.v1.Attestor\"Q\202\323\344\223\002-"
+          + "\"!/v1/{parent=projects/*}/attestors:\010att"
+          + "estor\332A\033parent,attestor_id,attestor\022\247\001\n\013"
+          + "GetAttestor\0227.google.cloud.binaryauthori"
+          + "zation.v1.GetAttestorRequest\032-.google.cl"
+          + "oud.binaryauthorization.v1.Attestor\"0\202\323\344"
+          + "\223\002#\022!/v1/{name=projects/*/attestors/*}\332A"
+          + "\004name\022\304\001\n\016UpdateAttestor\022:.google.cloud."
+          + "binaryauthorization.v1.UpdateAttestorReq"
+          + "uest\032-.google.cloud.binaryauthorization."
+          + "v1.Attestor\"G\202\323\344\223\0026\032*/v1/{attestor.name="
+          + "projects/*/attestors/*}:\010attestor\332A\010atte"
+          + "stor\022\272\001\n\rListAttestors\0229.google.cloud.bi"
+          + "naryauthorization.v1.ListAttestorsReques"
+          + "t\032:.google.cloud.binaryauthorization.v1."
+          + "ListAttestorsResponse\"2\202\323\344\223\002#\022!/v1/{pare"
+          + "nt=projects/*}/attestors\332A\006parent\022\226\001\n\016De"
+          + "leteAttestor\022:.google.cloud.binaryauthor"
+          + "ization.v1.DeleteAttestorRequest\032\026.googl"
+          + "e.protobuf.Empty\"0\202\323\344\223\002#*!/v1/{name=proj"
+          + "ects/*/attestors/*}\332A\004name\032V\312A\"binaryaut"
+          + "horization.googleapis.com\322A.https://www."
+          + "googleapis.com/auth/cloud-platform2\224\002\n\016S"
+          + "ystemPolicyV1\022\251\001\n\017GetSystemPolicy\022;.goog"
+          + "le.cloud.binaryauthorization.v1.GetSyste"
+          + "mPolicyRequest\032+.google.cloud.binaryauth"
+          + "orization.v1.Policy\",\202\323\344\223\002\037\022\035/v1/{name=l"
+          + "ocations/*/policy}\332A\004name\032V\312A\"binaryauth"
+          + "orization.googleapis.com\322A.https://www.g"
+          + "oogleapis.com/auth/cloud-platform2\365\002\n\022Va"
+          + "lidationHelperV1\022\206\002\n\035ValidateAttestation"
+          + "Occurrence\022I.google.cloud.binaryauthoriz"
+          + "ation.v1.ValidateAttestationOccurrenceRe"
+          + "quest\032J.google.cloud.binaryauthorization"
+          + ".v1.ValidateAttestationOccurrenceRespons"
+          + "e\"N\202\323\344\223\002H\"C/v1/{attestor=projects/*/atte"
+          + "stors/*}:validateAttestationOccurrence:\001"
+          + "*\032V\312A\"binaryauthorization.googleapis.com"
+          + "\322A.https://www.googleapis.com/auth/cloud"
+          + "-platformB\211\002\n5com.google.protos.google.c"
+          + "loud.binaryauthorization.v1P\000ZVgoogle.go"
+          + "lang.org/genproto/googleapis/cloud/binar"
+          + "yauthorization/v1;binaryauthorization\370\001\001"
+          + "\252\002#Google.Cloud.BinaryAuthorization.V1\312\002"
+          + "#Google\\Cloud\\BinaryAuthorization\\V1\352\002&G"
+          + "oogle::Cloud::BinaryAuthorization::V1b\006p"
+          + "roto3"
+    };
+    descriptor =
+        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+            descriptorData,
+            new com.google.protobuf.Descriptors.FileDescriptor[] {
+              com.google.api.AnnotationsProto.getDescriptor(),
+              com.google.api.ClientProto.getDescriptor(),
+              com.google.api.FieldBehaviorProto.getDescriptor(),
+              com.google.api.ResourceProto.getDescriptor(),
+              com.google.protos.google.cloud.binaryauthorization.v1.Resources.getDescriptor(),
+              com.google.protobuf.EmptyProto.getDescriptor(),
+              io.grafeas.v1.Attestation.getDescriptor(),
+            });
+    internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor =
+        getDescriptor().getMessageTypes().get(0);
+    internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_GetPolicyRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor =
+        getDescriptor().getMessageTypes().get(1);
+    internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_UpdatePolicyRequest_descriptor,
+            new java.lang.String[] {
+              "Policy",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor =
+        getDescriptor().getMessageTypes().get(2);
+    internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_CreateAttestorRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "AttestorId", "Attestor",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor =
+        getDescriptor().getMessageTypes().get(3);
+    internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_GetAttestorRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor =
+        getDescriptor().getMessageTypes().get(4);
+    internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_UpdateAttestorRequest_descriptor,
+            new java.lang.String[] {
+              "Attestor",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor =
+        getDescriptor().getMessageTypes().get(5);
+    internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_ListAttestorsRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor =
+        getDescriptor().getMessageTypes().get(6);
+    internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_ListAttestorsResponse_descriptor,
+            new java.lang.String[] {
+              "Attestors", "NextPageToken",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor =
+        getDescriptor().getMessageTypes().get(7);
+    internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_DeleteAttestorRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor =
+        getDescriptor().getMessageTypes().get(8);
+    internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_GetSystemPolicyRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor =
+        getDescriptor().getMessageTypes().get(9);
+    internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceRequest_descriptor,
+            new java.lang.String[] {
+              "Attestor", "Attestation", "OccurrenceNote", "OccurrenceResourceUri",
+            });
+    internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor =
+        getDescriptor().getMessageTypes().get(10);
+    internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_binaryauthorization_v1_ValidateAttestationOccurrenceResponse_descriptor,
+            new java.lang.String[] {
+              "Result", "DenialReason",
+            });
+    com.google.protobuf.ExtensionRegistry registry =
+        com.google.protobuf.ExtensionRegistry.newInstance();
+    registry.add(com.google.api.ClientProto.defaultHost);
+    registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
+    registry.add(com.google.api.AnnotationsProto.http);
+    registry.add(com.google.api.ClientProto.methodSignature);
+    registry.add(com.google.api.ClientProto.oauthScopes);
+    registry.add(com.google.api.ResourceProto.resourceReference);
+    com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
+        descriptor, registry);
+    com.google.api.AnnotationsProto.getDescriptor();
+    com.google.api.ClientProto.getDescriptor();
+    com.google.api.FieldBehaviorProto.getDescriptor();
+    com.google.api.ResourceProto.getDescriptor();
+    com.google.protos.google.cloud.binaryauthorization.v1.Resources.getDescriptor();
+    com.google.protobuf.EmptyProto.getDescriptor();
+    io.grafeas.v1.Attestation.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/resources.proto b/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/resources.proto
new file mode 100644
index 00000000..9d72a9f0
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/resources.proto
@@ -0,0 +1,334 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.binaryauthorization.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.BinaryAuthorization.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1;binaryauthorization";
+option java_multiple_files = false;
+option java_package = "com.google.protos.google.cloud.binaryauthorization.v1";
+option php_namespace = "Google\\Cloud\\BinaryAuthorization\\V1";
+option ruby_package = "Google::Cloud::BinaryAuthorization::V1";
+
+// A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
+message Policy {
+  option (google.api.resource) = {
+    type: "binaryauthorization.googleapis.com/Policy"
+    pattern: "projects/{project}/policy"
+    pattern: "locations/{location}/policy"
+  };
+
+  enum GlobalPolicyEvaluationMode {
+    // Not specified: DISABLE is assumed.
+    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0;
+
+    // Enables system policy evaluation.
+    ENABLE = 1;
+
+    // Disables system policy evaluation.
+    DISABLE = 2;
+  }
+
+  // Output only. The resource name, in the format `projects/*/policy`. There is
+  // at most one policy per project.
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. A descriptive comment.
+  string description = 6 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Controls the evaluation of a Google-maintained global admission
+  // policy for common system-level images. Images not covered by the global
+  // policy will be subject to the project admission policy. This setting
+  // has no effect when specified inside a global admission policy.
+  GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Admission policy allowlisting. A matching admission request will
+  // always be permitted. This feature is typically used to exclude Google or
+  // third-party infrastructure images from Binary Authorization policies.
+  repeated AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Per-cluster admission rules. Cluster spec format:
+  // `location.clusterId`. There can be at most one admission rule per cluster
+  // spec.
+  // A `location` is either a compute zone (e.g. us-central1-a) or a region
+  // (e.g. us-central1).
+  // For `clusterId` syntax restrictions see
+  // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
+  map<string, AdmissionRule> cluster_admission_rules = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
+  // [a-z.-]+, e.g. 'some-namespace'
+  map<string, AdmissionRule> kubernetes_namespace_admission_rules = 10 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Per-kubernetes-service-account admission rules. Service account
+  // spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
+  map<string, AdmissionRule> kubernetes_service_account_admission_rules = 8 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Per-istio-service-identity admission rules. Istio service
+  // identity spec format:
+  // spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
+  // <domain>/ns/<namespace>/sa/<serviceaccount>
+  // e.g. spiffe://example.com/ns/test-ns/sa/default
+  map<string, AdmissionRule> istio_service_identity_admission_rules = 9 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. Default admission rule for a cluster without a per-cluster, per-
+  // kubernetes-service-account, or per-istio-service-identity admission rule.
+  AdmissionRule default_admission_rule = 4 [(google.api.field_behavior) = REQUIRED];
+
+  // Output only. Time when the policy was last updated.
+  google.protobuf.Timestamp update_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images
+// from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
+message AdmissionWhitelistPattern {
+  // An image name pattern to allowlist, in the form `registry/path/to/image`.
+  // This supports a trailing `*` wildcard, but this is allowed only in
+  // text after the `registry/` part. This also supports a trailing `**`
+  // wildcard which matches subdirectories of a given entry.
+  string name_pattern = 1;
+}
+
+// An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images
+// used in a pod creation request must be attested to by one or more
+// [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all
+// pod creations will be denied.
+//
+// Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]
+// are exempted from admission rules and will never block a pod creation.
+message AdmissionRule {
+  enum EvaluationMode {
+    // Do not use.
+    EVALUATION_MODE_UNSPECIFIED = 0;
+
+    // This rule allows all all pod creations.
+    ALWAYS_ALLOW = 1;
+
+    // This rule allows a pod creation if all the attestors listed in
+    // 'require_attestations_by' have valid attestations for all of the
+    // images in the pod spec.
+    REQUIRE_ATTESTATION = 2;
+
+    // This rule denies all pod creations.
+    ALWAYS_DENY = 3;
+  }
+
+  // Defines the possible actions when a pod creation is denied by an admission
+  // rule.
+  enum EnforcementMode {
+    // Do not use.
+    ENFORCEMENT_MODE_UNSPECIFIED = 0;
+
+    // Enforce the admission rule by blocking the pod creation.
+    ENFORCED_BLOCK_AND_AUDIT_LOG = 1;
+
+    // Dryrun mode: Audit logging only.  This will allow the pod creation as if
+    // the admission request had specified break-glass.
+    DRYRUN_AUDIT_LOG_ONLY = 2;
+  }
+
+  // Required. How this admission rule will be evaluated.
+  EvaluationMode evaluation_mode = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The resource names of the attestors that must attest to
+  // a container image, in the format `projects/*/attestors/*`. Each
+  // attestor must exist before a policy can reference it.  To add an attestor
+  // to a policy the principal issuing the policy change request must be able
+  // to read the attestor resource.
+  //
+  // Note: this field must be non-empty when the evaluation_mode field specifies
+  // REQUIRE_ATTESTATION, otherwise it must be empty.
+  repeated string require_attestations_by = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. The action when a pod creation is denied by the admission rule.
+  EnforcementMode enforcement_mode = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image
+// artifacts. An existing attestor cannot be modified except where
+// indicated.
+message Attestor {
+  option (google.api.resource) = {
+    type: "binaryauthorization.googleapis.com/Attestor"
+    pattern: "projects/{project}/attestors/{attestor}"
+  };
+
+  // Required. The resource name, in the format:
+  // `projects/*/attestors/*`. This field may not be updated.
+  string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. A descriptive comment.  This field may be updated.
+  // The field may be displayed in chooser dialogs.
+  string description = 6 [(google.api.field_behavior) = OPTIONAL];
+
+  oneof attestor_type {
+    // This specifies how an attestation will be read, and how it will be used
+    // during policy enforcement.
+    UserOwnedGrafeasNote user_owned_grafeas_note = 3;
+  }
+
+  // Output only. Time when the attestor was last updated.
+  google.protobuf.Timestamp update_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas
+// Attestation.Authority Note created by the user.
+message UserOwnedGrafeasNote {
+  // Required. The Grafeas resource name of a Attestation.Authority Note,
+  // created by the user, in the format: `projects/*/notes/*`. This field may
+  // not be updated.
+  //
+  // An attestation by this attestor is stored as a Grafeas
+  // Attestation.Authority Occurrence that names a container image and that
+  // links to this Note. Grafeas is an external dependency.
+  string note_reference = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. Public keys that verify attestations signed by this
+  // attestor.  This field may be updated.
+  //
+  // If this field is non-empty, one of the specified public keys must
+  // verify that an attestation was signed by this attestor for the
+  // image specified in the admission request.
+  //
+  // If this field is empty, this attestor always returns that no
+  // valid attestations exist.
+  repeated AttestorPublicKey public_keys = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. This field will contain the service account email address
+  // that this Attestor will use as the principal when querying Container
+  // Analysis. Attestor administrators must grant this service account the
+  // IAM role needed to read attestations from the [note_reference][Note] in
+  // Container Analysis (`containeranalysis.notes.occurrences.viewer`).
+  //
+  // This email address is fixed for the lifetime of the Attestor, but callers
+  // should not make any other assumptions about the service account email;
+  // future versions may use an email based on a different naming pattern.
+  string delegation_service_account_email = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// A public key in the PkixPublicKey format (see
+// https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
+// Public keys of this type are typically textually encoded using the PEM
+// format.
+message PkixPublicKey {
+  // Represents a signature algorithm and other information necessary to verify
+  // signatures with a given public key.
+  // This is based primarily on the public key types supported by Tink's
+  // PemKeyType, which is in turn based on KMS's supported signing algorithms.
+  // See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz
+  // might support additional public key types independently of Tink and/or KMS.
+  enum SignatureAlgorithm {
+    option allow_alias = true;
+
+    // Not specified.
+    SIGNATURE_ALGORITHM_UNSPECIFIED = 0;
+
+    // RSASSA-PSS 2048 bit key with a SHA256 digest.
+    RSA_PSS_2048_SHA256 = 1;
+
+    // RSASSA-PSS 3072 bit key with a SHA256 digest.
+    RSA_PSS_3072_SHA256 = 2;
+
+    // RSASSA-PSS 4096 bit key with a SHA256 digest.
+    RSA_PSS_4096_SHA256 = 3;
+
+    // RSASSA-PSS 4096 bit key with a SHA512 digest.
+    RSA_PSS_4096_SHA512 = 4;
+
+    // RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
+    RSA_SIGN_PKCS1_2048_SHA256 = 5;
+
+    // RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
+    RSA_SIGN_PKCS1_3072_SHA256 = 6;
+
+    // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
+    RSA_SIGN_PKCS1_4096_SHA256 = 7;
+
+    // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
+    RSA_SIGN_PKCS1_4096_SHA512 = 8;
+
+    // ECDSA on the NIST P-256 curve with a SHA256 digest.
+    ECDSA_P256_SHA256 = 9;
+
+    // ECDSA on the NIST P-256 curve with a SHA256 digest.
+    EC_SIGN_P256_SHA256 = 9;
+
+    // ECDSA on the NIST P-384 curve with a SHA384 digest.
+    ECDSA_P384_SHA384 = 10;
+
+    // ECDSA on the NIST P-384 curve with a SHA384 digest.
+    EC_SIGN_P384_SHA384 = 10;
+
+    // ECDSA on the NIST P-521 curve with a SHA512 digest.
+    ECDSA_P521_SHA512 = 11;
+
+    // ECDSA on the NIST P-521 curve with a SHA512 digest.
+    EC_SIGN_P521_SHA512 = 11;
+  }
+
+  // A PEM-encoded public key, as described in
+  // https://tools.ietf.org/html/rfc7468#section-13
+  string public_key_pem = 1;
+
+  // The signature algorithm used to verify a message against a signature using
+  // this key.
+  // These signature algorithm must match the structure and any object
+  // identifiers encoded in `public_key_pem` (i.e. this algorithm must match
+  // that of the public key).
+  SignatureAlgorithm signature_algorithm = 2;
+}
+
+// An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify
+// attestations signed by this attestor.
+message AttestorPublicKey {
+  // Optional. A descriptive comment. This field may be updated.
+  string comment = 1 [(google.api.field_behavior) = OPTIONAL];
+
+  // The ID of this public key.
+  // Signatures verified by BinAuthz must include the ID of the public key that
+  // can be used to verify them, and that ID must match the contents of this
+  // field exactly.
+  // Additional restrictions on this field can be imposed based on which public
+  // key type is encapsulated. See the documentation on `public_key` cases below
+  // for details.
+  string id = 2;
+
+  oneof public_key {
+    // ASCII-armored representation of a PGP public key, as the entire output by
+    // the command `gpg --export --armor foo@example.com` (either LF or CRLF
+    // line endings).
+    // When using this field, `id` should be left blank.  The BinAuthz API
+    // handlers will calculate the ID and fill it in automatically.  BinAuthz
+    // computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
+    // upper-case hex.  If `id` is provided by the caller, it will be
+    // overwritten by the API-calculated ID.
+    string ascii_armored_pgp_public_key = 3;
+
+    // A raw PKIX SubjectPublicKeyInfo format public key.
+    //
+    // NOTE: `id` may be explicitly provided by the caller when using this
+    // type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
+    // blank, a default one will be computed based on the digest of the DER
+    // encoding of the public key.
+    PkixPublicKey pkix_public_key = 5;
+  }
+}
diff --git a/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/service.proto b/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/service.proto
new file mode 100644
index 00000000..e063aacc
--- /dev/null
+++ b/proto-google-cloud-binary-authorization-v1/src/main/proto/google/cloud/binaryauthorization/v1/service.proto
@@ -0,0 +1,312 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.binaryauthorization.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/binaryauthorization/v1/resources.proto";
+import "google/protobuf/empty.proto";
+import "grafeas/v1/attestation.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.BinaryAuthorization.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1;binaryauthorization";
+option java_multiple_files = false;
+option java_package = "com.google.protos.google.cloud.binaryauthorization.v1";
+option php_namespace = "Google\\Cloud\\BinaryAuthorization\\V1";
+option ruby_package = "Google::Cloud::BinaryAuthorization::V1";
+
+// Customer-facing API for Cloud Binary Authorization.
+
+// Google Cloud Management Service for Binary Authorization admission policies
+// and attestation authorities.
+//
+// This API implements a REST model with the following objects:
+//
+// * [Policy][google.cloud.binaryauthorization.v1.Policy]
+// * [Attestor][google.cloud.binaryauthorization.v1.Attestor]
+service BinauthzManagementServiceV1 {
+  option (google.api.default_host) = "binaryauthorization.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
+  // a container image, before the project is allowed to deploy that
+  // image. There is at most one policy per project. All image admission
+  // requests are permitted if a project has no policy.
+  //
+  // Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
+  // [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
+  rpc GetPolicy(GetPolicyRequest) returns (Policy) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/policy}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
+  // new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
+  // conditions with concurrent policy enforcement (or management!)
+  // requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
+  // if the request is malformed.
+  rpc UpdatePolicy(UpdatePolicyRequest) returns (Policy) {
+    option (google.api.http) = {
+      put: "/v1/{policy.name=projects/*/policy}"
+      body: "policy"
+    };
+    option (google.api.method_signature) = "policy";
+  }
+
+  // Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
+  // [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
+  // INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
+  // [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
+  rpc CreateAttestor(CreateAttestorRequest) returns (Attestor) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*}/attestors"
+      body: "attestor"
+    };
+    option (google.api.method_signature) = "parent,attestor_id,attestor";
+  }
+
+  // Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+  // Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+  rpc GetAttestor(GetAttestorRequest) returns (Attestor) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/attestors/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
+  // Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+  rpc UpdateAttestor(UpdateAttestorRequest) returns (Attestor) {
+    option (google.api.http) = {
+      put: "/v1/{attestor.name=projects/*/attestors/*}"
+      body: "attestor"
+    };
+    option (google.api.method_signature) = "attestor";
+  }
+
+  // Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
+  // Returns INVALID_ARGUMENT if the project does not exist.
+  rpc ListAttestors(ListAttestorsRequest) returns (ListAttestorsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*}/attestors"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
+  // [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
+  rpc DeleteAttestor(DeleteAttestorRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/attestors/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+}
+
+// API for working with the system policy.
+service SystemPolicyV1 {
+  option (google.api.default_host) = "binaryauthorization.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Gets the current system policy in the specified location.
+  rpc GetSystemPolicy(GetSystemPolicyRequest) returns (Policy) {
+    option (google.api.http) = {
+      get: "/v1/{name=locations/*/policy}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+}
+
+// BinAuthz Attestor verification
+service ValidationHelperV1 {
+  option (google.api.default_host) = "binaryauthorization.googleapis.com";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+  // Returns whether the given Attestation for the given image URI
+  // was signed by the given Attestor
+  rpc ValidateAttestationOccurrence(ValidateAttestationOccurrenceRequest) returns (ValidateAttestationOccurrenceResponse) {
+    option (google.api.http) = {
+      post: "/v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence"
+      body: "*"
+    };
+  }
+}
+
+// Request message for [BinauthzManagementService.GetPolicy][].
+message GetPolicyRequest {
+  // Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
+  // in the format `projects/*/policy`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "binaryauthorization.googleapis.com/Policy"
+    }
+  ];
+}
+
+// Request message for [BinauthzManagementService.UpdatePolicy][].
+message UpdatePolicyRequest {
+  // Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
+  // overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
+  // the request URL, in the format `projects/*/policy`.
+  Policy policy = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for [BinauthzManagementService.CreateAttestor][].
+message CreateAttestorRequest {
+  // Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Project"
+    }
+  ];
+
+  // Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
+  string attestor_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+  // overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
+  // in the format `projects/*/attestors/*`.
+  Attestor attestor = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for [BinauthzManagementService.GetAttestor][].
+message GetAttestorRequest {
+  // Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
+  // `projects/*/attestors/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "binaryauthorization.googleapis.com/Attestor"
+    }
+  ];
+}
+
+// Request message for [BinauthzManagementService.UpdateAttestor][].
+message UpdateAttestorRequest {
+  // Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
+  // overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
+  // in the request URL, in the format `projects/*/attestors/*`.
+  Attestor attestor = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for [BinauthzManagementService.ListAttestors][].
+message ListAttestorsRequest {
+  // Required. The resource name of the project associated with the
+  // [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Project"
+    }
+  ];
+
+  // Requested page size. The server may return fewer results than requested. If
+  // unspecified, the server will pick an appropriate default.
+  int32 page_size = 2;
+
+  // A token identifying a page of results the server should return. Typically,
+  // this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
+  // from the previous call to the `ListAttestors` method.
+  string page_token = 3;
+}
+
+// Response message for [BinauthzManagementService.ListAttestors][].
+message ListAttestorsResponse {
+  // The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
+  repeated Attestor attestors = 1;
+
+  // A token to retrieve the next page of results. Pass this value in the
+  // [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
+  // `ListAttestors` method to retrieve the next page of results.
+  string next_page_token = 2;
+}
+
+// Request message for [BinauthzManagementService.DeleteAttestor][].
+message DeleteAttestorRequest {
+  // Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
+  // `projects/*/attestors/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "binaryauthorization.googleapis.com/Attestor"
+    }
+  ];
+}
+
+// Request to read the current system policy.
+message GetSystemPolicyRequest {
+  // Required. The resource name, in the format `locations/*/policy`.
+  // Note that the system policy is not associated with a project.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "binaryauthorization.googleapis.com/Policy"
+    }
+  ];
+}
+
+// Request message for
+// [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+message ValidateAttestationOccurrenceRequest {
+  // Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
+  // [occurrence][grafeas.v1.Occurrence], in the format
+  // `projects/*/attestors/*`.
+  string attestor = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
+  // be checked that it can be verified by the Attestor. It does not have to be
+  // an existing entity in Container Analysis. It must otherwise be a valid
+  // AttestationOccurrence.
+  grafeas.v1.AttestationOccurrence attestation = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The resource name of the [Note][grafeas.v1.Note] to which the
+  // containing [Occurrence][grafeas.v1.Occurrence] is associated.
+  string occurrence_note = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The URI of the artifact (e.g. container image) that is the
+  // subject of the containing [Occurrence][grafeas.v1.Occurrence].
+  string occurrence_resource_uri = 4 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Response message for
+// [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
+message ValidateAttestationOccurrenceResponse {
+  // The enum returned in the "result" field.
+  enum Result {
+    // Unspecified.
+    RESULT_UNSPECIFIED = 0;
+
+    // The Attestation was able to verified by the Attestor.
+    VERIFIED = 1;
+
+    // The Attestation was not able to verified by the Attestor.
+    ATTESTATION_NOT_VERIFIABLE = 2;
+  }
+
+  // The result of the Attestation validation.
+  Result result = 1;
+
+  // The reason for denial if the Attestation couldn't be validated.
+  string denial_reason = 2;
+}
diff --git a/versions.txt b/versions.txt
index 487ce4eb..6608cb0e 100644
--- a/versions.txt
+++ b/versions.txt
@@ -3,4 +3,6 @@
 
 google-cloud-binary-authorization:0.3.3:0.3.4-SNAPSHOT
 grpc-google-cloud-binary-authorization-v1beta1:0.3.3:0.3.4-SNAPSHOT
+grpc-google-cloud-binary-authorization-v1:0.3.3:0.3.4-SNAPSHOT
 proto-google-cloud-binary-authorization-v1beta1:0.3.3:0.3.4-SNAPSHOT
+proto-google-cloud-binary-authorization-v1:0.3.3:0.3.4-SNAPSHOT